KNOW  YOUR 

PARTNER 


Including  vendors  on  IT  teams 
can  deepen  your  skills  bench  and 
bolster  project  expertise,  but  at 
the  risk  of  exposing  far  too  much 
inside  information.  Vendor  part¬ 
ners  who  hang  around  the  office 
and  drop  in  on  meetings  can  gain 
insights  into  plans  for  new  proj¬ 
ects  and  deadlines,  which  can 
work  against  you  when  negotiat¬ 
ing  future  contracts.  Here’s  how 
to  get  the  most  out  of  trusted  al¬ 
lies  while  foiling  corporate  spies. 
STORY  BEGINS  ON  PAGE  45. 


'  VENDOR 

ACCESS  TIPS 

■  “Sterilize”  areas 
vendors  can  enter. 
Clear  all  whiteboards 
of  project  plans  and 
budget  figures. 

-l  Set  a  “need  to  know” 
policy  -  and  enforce  it. 

Never  give  nontech¬ 
nical  vendors  access. 

0  Educate  all  employ¬ 
ees  about  physical, 
virtual  and  verbal 
security. 


IT  Still  Iffy  on  Web  Services 


Datek  IT  Integration 
Challenges  Ameritrade 


Merged  online  brokerage  begins  massive  task 
of  melding  low-end,  high-end  architectures 


BY  LUCAS  MEARIAN 

Two  months  after  Ameritrade 
Holding  Corp.  completed  its 
$1.3  billion  acquisition  of 
Datek  Online  Holdings  Corp., 
IT  managers  at  the  merged 
online  brokerage  are  rolling 
up  their  sleeves  to  begin  inte¬ 
grating  two  distinctly  differ¬ 
ent  technology  architectures. 

Before  the  effort  is  finished, 
Ameritrade  IT  executives 
said  last  week,  three  data  cen¬ 
ters  must  be  consolidated  into 
two,  a  pair  of  online  trading 
Web  sites  needs  to  become 
one,  and  a  single  IT  infra¬ 
structure  has  to  be  set  up. 

That  won’t  happen  over¬ 
night.  For  example,  Cecilia 
Murphy,  vice  president  of 


technology  engineering  ser¬ 
vices  at  Omaha-based  Ameri¬ 
trade,  said  the  company’s  plan 
is  to  have  a  unified  systems  ar¬ 
chitecture  in  place  by  next 
summer.  Ameritrade  hasn’t 
decided  yet  what  server  tech¬ 
nologies  will  be  used,  she  said. 

Datek’s  IT  backbone  com¬ 
prises  mostly  low-end  Win¬ 


dows  NT  servers  running 
proprietary  middleware  that 
passes  message  traffic  back 
and  forth  between  its  Web 
site  and  trading  system.  The 
company  had  also  installed 
Linux-based  IBM  servers  built 
around  Intel  microprocessors. 

On  the  other  hand,  Ameri¬ 
trade  uses  San  Jose-based 
BEA  Systems  Inc.’s  Tuxedo 
transaction  middleware  and 
has  a  technology  infrastruc- 

Ameritrade,  page  16 


Ameritrade  Is  Dumping: 

■  Paper  checks  and  wire  transfers 
in  favor  of  the  financial  industry’s 
Automated  Clearing  House  system 

■  Its  Omaha  data  center,  leaving 

IT  facilities  in  Kansas  City,  Mo., 
and  Secaucus,  N.J. _ 

■  (Clearing  LLC,  a  Datek-affiliated 
company  that  handled  trade¬ 
clearing  activities 


Ameritrade  Is  Keeping: 

■  Web  site  functionality  from  both 

online  brokerages  for  use  in  a 
merged  site  _ 

■  Datek’s  Streamer  product 

for  streaming  news,  charts  and 
sales  information _ 

■  The  Datek  Direct  order-router 
system,  which  lets  customers 
track  their  trades 


ft 


Users  experimenting, 
see  potential  for  help 
with  app  integration 

BY  CAROL  SLIWA 

Web  services  clearly  will  play 
a  role  in  the  application  inte¬ 
gration  plans  of  many  IT 
shops.  But  how  big  a  role,  and 
when  that  will  happen,  is  any¬ 
body’s  guess. 

Several  IT  managers  attend¬ 
ing  Gartner  Inc.’s  recent  Ap¬ 
plication  Integration  and  Web 


Services  conference  in  Chica¬ 
go  said  they  have  yet  to  deter¬ 
mine  in  what  ways,  if  any,  they 
will  use  Web  services  to  ad¬ 
dress  their  integration  needs. 

“I  think  it  will  play  a  large 
part  over  time.  We’re  looking 
at  using  it  in  isolated  cases  to 
get  some  experience,”  said  Bill 
Genn,  a  site  architect  at  Lon¬ 
don  Life  Insurance  Co.  in  Lon¬ 
don,  Ontario. 

Genn  said  one  such  effort 
might  involve  aggregating  in- 
Web  Services,  page  57 


Citrix  to  Simplify  Licensing 


Vendor  vows  to  make 
both  purchase-  and 
usage-tracking  easier 

BY  CAROL  SLIWA 

ORLANDO 

Citrix  Systems  Inc.  knows  its 
licensing  policy  is  too  compli¬ 
cated,  and  last  week  it  pledged 
to  do  something  about  it. 

CEO  Mark  Templeton  told 
customers  at  the  Citrix  iForum 
conference  here  that  changes 
are  in  the  works  to  make  it 
easier  to  do  business  with  the 
Fort  Lauderdale,  Fla.-based 
software  maker. 

In  an  interview  with  Com- 
puterworld,  Templeton  ex¬ 


plained  that  his  company  is 
working  on  a  technology- 
based  approach  to  help  cus¬ 
tomers  count  and  manage  li¬ 
cense  connections  through  a 
service  that  either  Citrix  or 
the  customer  can  run. 

Citrix’s  core  product, 
MetaFrame  XP,  delivers  ap¬ 
plications  to  end  users  from 
a  central  server.  Customers 
buy  license  connections 
through  resellers  based  on 
the  number  of  concurrent 


ALSO  ATiFORUM; 

Citrix  Systems  announced  new 
products  and  partnerships: 

QuickLink  34224 
‘iv  www.computerworld.com 


users  accessing  the  server. 

Licensing  services  will  be 
built  into  Citrix’s  software,  al¬ 
lowing  customers  and  the 
vendor  “to  count  usage  in 
about  five  different  ways,” 
Templeton  said.  That  will 
give  both  parties  “the  flexibil¬ 
ity  to  have  licensing  programs 
built  around  different  ways  of 
counting,”  he  added. 

He  said  he  expects  to  pre¬ 
sent  the  new  options  to  cus¬ 
tomers  in  about  a  year. 

For  many  of  them,  that 
promises  welcome  relief.  Ray¬ 
mond  Leitz,  director  of  tech¬ 
nical  services  at  AutoNation 
Inc.  in  Fort  Lauderdale,  said 
Citrix’s  current  licensing  poli¬ 
cies  “do  not  make  sense”  for 
his  company.  For  starters,  he 

Citrix,  page  57 


apple.com/xserve 


Porsche  has  a  420-hp,  water-cooled, 


mMM 


.  <  ft*'- . 


Presenting  Xserve,  one  of  the  fastest  1U  servers  on  Earth.  Featuring  the 
exceptional  performance  of  dual  1  GHz  PowerPC  G4  processors,  each  with 


2MB  of  Double  Data  Rate  (DDR)  L3  cache.  Best-in- class  storage,  with  up  to  480GB  on  four  hot-plug  ATA/100  drives.  And  best- 
in-class  networking  capabilities  with  standard  dual  Gigabit  Ethernet  ports.  Xserve  also  comes  with  UNIX-based  Mac  OS  X 
Server  software  (with  an  unlimited  client  license),  making  it  ideal  for  providing  file  and  print  services,  mail  and  web  services, 


streaming  digital  media  and  for  running  database  applications.  Xserve  is  also  perfect  for  computational  clustering  and  I/O 
intensive  applications  like  digital  video,  high-resolution  digital  imagery  and  managing  large  scientific  datasets.  And,  thanks 


'I'M  and  © 2002 Apple  Computer,  Inc.  All  rights  reserved.  Porsche  is  a  registered  trademark  of Dr  Ing.  b.c.  F.  Porsche  AG.  *Restrici 


twin- turbo  power  plant  We  have  this. 

to  a  convenient  visual  feedback  system,  you  can  monitor  the  performance  of  an  entire  rack  with  just  a  glance.  Or,  keep  an 
eye  on  Xserve  from  virtually  anywhere  with  Apple’s  next-generation  remote  management  tools. 

Plus,  you  can  swap  parts  and  replace  components  at  will  without  tools  and  get  instant  help  with 
4-hour  onsite  response  and  24/7  technical  support  with  AppleCare.*  Xserve  also  provides  out-of- 
the-box  support  for  Mac,  Windows,  UNIX  and  Linux  clients,  three  PCI  slots  (two  of  which  are 
64-bit,  66MHz),  software  RAID  mirroring  and  striping,  a  VGA  graphics  card,  two  USB  ports  and  a 
host  of  other  features  that  are  far  too  numerous  to  list  here.  Apple  Xserve.  Take  a  look  under  the  hood  at  apple.com/xserve. 

apl>l\  Forimma>ulco>im)iisi^ialtxlu*btbeAppl(terelMmiumSmicewulSup[K)rlMan,inatuvu.(Wlea>m/suplX)rVlm>ducts 


Does  your  software  let  you  manage  and  protect  your  wireless  enterprise  no  matter 
where  it  goes?  Ours  does. 


Managing  your  enterprise  was  hard  enough  when  you  knew  where  it  was.  Now,  thanks  to  the  boom  in  wireless  devices,  mission-critical 
data  and  systems  can  walk  in  and  out  the  door  at  will.  That's  why  it's  vital  to  have  software  that  can  keep  track  of  your  wireless  enterprise 
no  matter  where  it  goes.  Our  infrastructure  management  software  is  considered  the  gold  standard,  making  it  one  of  the  best  choices  for 
securing  and  managing  your  global  environment.  And  it  works  across  multiple  platforms,  so  it's  compatible  with  what  you  have  today 
and  what  you  add  tomorrow.  Sure,  your  devices  may  still  get  lost.  But  your  information  won't.  ca.com/wireless/enterprise 

Wireless  Solutions 

©  2002  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 


Computer  Associates" 


COKTIHTS 

- — - 1—  O  i.lAA 


Finding  the  T  in  TCO 

In  the  Management  Section:  Calculating  the  total  cost  of 
ownership  for  desktop  systems  is  becoming  trickier,  as 
workers’  desktops  now  comprise  far  more  than  PCs.  IT 
departments  must  figure  in  the  costs  associated  with  lap¬ 
tops,  PDAs,  cell  phones  and  wireless  service  connections. 
Page  48 


NEWS 


6  Procter  &  Gamble  is  seeking 
smaller  outsourcing  deals  af¬ 
ter  ending  negotiations  with 
EDS  on  a  large  contract. 

6  Dell  will  introduce  at  Comdex 
a  device  aimed  at  HP’s  iPaq 
product  line. 

7  Microsoft  users  mull  the  im¬ 
pact  as  the  antitrust  case  may 
have  reached  its  end. 

7  Microsoft  announces  its 

Tablet  PC  operating  system, 
which  lets  users  input  data 
with  a  digital  pen. 

8  Verizon  plans  to  offer  IP- 
based  network  services  in 
markets  across  the  U.S. 

12  Although  Republicans  have 
gained  control  of  Congress,  IT 
observers  say  little  is  likely  to 
get  done  on  privacy  without 
Democrats’  backing. 

12  Loews  is  deploying  a  client¬ 
less  VPN  that  lets  remote 
users  securely  access  e-mail 
and  the  corporate  intranet 
from  any  PC. 

14  Oracle  will  announce  a  man¬ 
agement  tool  upgrade  de¬ 
signed  to  support  the  moni¬ 
toring  of  complete  database 
and  middleware  installations. 

14  SAP’s  xApps  technology  for 
linking  multiple  systems  will 
take  center  stage  at  the  com¬ 
pany’s  developer  conference. 

15  AOL  enters  the  corporate  in¬ 
stant  messaging  market,  fol¬ 
lowing  a  similar  announce¬ 
ment  by  Yahoo  last  month. 


TECHNOLOGY 

32  Spam  Wars.  Companies  are 
enlisting  technology  to  block 
nuisance  e-mail,  while  spam¬ 
mers  try  to  subvert  it  with 
new  techniques  to  get  their 
messages  through. 

34  The  Balancing  Act.  Tuning  an 
intrusion-detection  system  is 
still  a  tricky  affair  that  re¬ 
quires  the  right  mix  of  tools, 
processes  —  and  experience. 

36  Future  Watch:  Good  Morning, 
Dave  .  .  .  The  Defense  De¬ 
partment  is  working  on  a  self- 
aware  computer.  Will  it  be  a 
dream  machine  or  a  science 
fiction  nightmare? 

40  Security  Journal:  Stalking 
Elusive  Access  Points.  Math¬ 
ias  Thurman  takes  readers’ 
advice  and  creates  a  direc¬ 
tional  antenna  with  a  tennis- 
ball  can  to  track  down  rogue 
WLAN  access  points. 

MANAGEMENT 

45  Know  Your  Partner.  Includ¬ 
ing  vendors  on  IT  teams  bol¬ 
sters  project  expertise,  but  at 
the  risk  of  exposing  too  much 
inside  information.  Here’s 
how  to  get  the  most  out  of 
trusted  suppliers  while  foiling 
corporate  spies. 

52  Q&A:  John  Hagel  III,  co¬ 
author  of  the  new  book  Out  of 
the  Box:  Strategies  for  Achiev¬ 
ing  Profits  Today  &  Growth 
Tomorrow  Through  Web  Ser¬ 
vices,  offers  tips  to  IT  man¬ 
agers  experimenting  with  the 
nascent  set  of  technologies. 


11.11.02 


Web  Identity:  Weighing  the  Alternatives 

In  the  Technology  Section:  Microsoft’s  Passport  and  the 
Liberty  Alliance  specify  incompatible  authentication 
technologies  today.  Here’s  how  they  work  —  and  how 
they  might  interoperate  in  the  future.  Page  27 


OPINION 


8  On  the  Mark:  Mark  Hall  en¬ 
counters  a  debate  between 
IPsec  and  SSL  security  ven¬ 
dors  and  learns  that  Web  ser¬ 
vices  built  with  .Net  are  very 
vulnerable  to  reverse¬ 
engineering. 

24  Patricia  Keefe  warns  CIOs 
that  the  Sarbanes-Oxley  Act 
that  hopes  to  keep  CEOs  and 
CFOs  honest  may  haunt  IT 
executives,  too. 

24  Pimm  Fox  is  wary  of  so-called 
collaboration  tools  that  re¬ 
quire  lots  of  administrative 
help  and  leave  management 
out  of  the  picture. 

25  Thornton  May  wonders  why 
portfolio  management  skills 
have  withered  in  IT,  because 
they  could  be  a  big  help  now. 

42  Nicholas  Petreley  claims  PHP 
and  Python  are  beginning  to 
demonstrate  their  worth. 

52  Bart  Perkins  says  anyone  can 
cut  supplier  costs  in  a  buyer’s 
market.  But  don’t  squeeze  too 
hard,  he  warns,  because  it’s 
bound  to  leave  your  suppliers 
angry  and  waiting  for  revenge. 

58  Frank  Hayes  says  the  Micro¬ 
soft  antitrust  ruling  was  no 
surprise  to  those  who  know 
about  courtroom  settlements 
and  IT  history. 

DEPARTMENTS/RESOURCES 

At  Deadline . 6 

News  Briefs . 8, 14 

Letters . 25 

Company  Index . 56 

How  to  Contact  CW  . 56 

Shark  Tank  . 58 


ONLINE 

WWW.COMPUTERWORLD.COM 

Meet  the  Security  Adviser 

KNOWLEDGE  CENTER:  As  consultant  Peter  H. 
Gregory  launches  a  new  column  in  the  Secu¬ 
rity  Knowledge  Center,  he  discusses  the 
need  for  IT  managers  to  maintain  security 
awareness  on  the  job  at  all  times. 

©  QuickLink  34212 

What’s  Your  Fault  Feedback 
Ratio? 

KNOWLEDGE  CENTER:  Columnist  Johanna 
Rothman  says  you  should  start  tracking  how 
many  of  your  bug  fixes  are  successful  and 
how  many  are  bad.  ©  QuickLink  34155 

Storage  Editor’s  Choice  WebLog 

KNOWLEDGE  CENTER:  A  collection  of  what 
you  need  to  know  from  around  the  Web, 
compiled  by  editor  at  large  Marian  Prokop 
and  online  managing  editor  Sharon  Machlis. 

©  QuickLink  a2690 

Operating  Systems  Forum 

FORUMS:  The  Computerworld  forums  had 
more  than  45,000  visits  last  week.  Come  see 
what  the  attraction  was.  ©  QuickLink  a2680 

Get  Ready  for  the  Rebound 

ONLINE  NEWS:  Companies  can  begin  posi¬ 
tioning  themselves  now  for  an  economic  re¬ 
bound  by  focusing  on  technologies  and 
strategies  that  will  boost  the  top  line,  namely 
Web  services,  “right-channeling,”  shareable 
systems  and  adaptive  supply  networks,  say 
Forrester  Research  analysts. 

©  QuickLink  34269 


What’s  a  QuickLink? 

O0n  some  pages  in 
this  issue,  you’ll  see 
a  QuickLink  code  pointing 
to  additional,  related  con¬ 
tent  on  our  Web  site.  Just 
enter  that  code  into  our 
QuickLink  box.  which 
you'll  see  at  the  top  of 
each  page  on  our  site. 


ONLINE 

DEPARTMENTS 

Breaking  News 

©  QuickLink  a1510 

Newsletter  Subscriptions 

©  QuickLink  a1430 

Knowledge  Centers 

©  QuickLink  a2570 

The  Online  Store 

©  QuickLink  a2420 


6  COMPUTERWORLD  November  11,  2002 


NEWS 


www.computerworld.com 


Gates  Details  Visual 
C++  Upgrade  Plans 


Bili  Gates,  Microsoft  Corp.’s 
chairman  and  chief  software  ar¬ 
chitect,  said  the  company  is  de¬ 
veloping  a  Visual  C++  .Net  up¬ 
grade  that  will  be  “98%  confor¬ 
mant”  to  the  International  Organi¬ 
zation  for  Standardization’s  C++ 
standard.  Speaking  at  an  object- 
oriented  programming  conference 
in  Seattle,  Gates  also  demonstrat¬ 
ed  a  tool,  code-named  Scout,  that 
Microsoft  is  using  internally  to 
uncover  software  vulnerabilities. 


DHL  Opens  Data 
Center  in  Arizona 

DHL  Worldwide  Express  Inc.  said 
it  planned  to  begin  using  a  data 
center  in  Scottsdale,  Ariz.,  over 
the  weekend,  completing  a  trio  of 
IT  facilities  in  the  U.S.,  Europe 
and  Asia.  San  Francisco-based 
DHL  plans  to  invest  $250  million 
over  the  next  five  years  to  build 
and  operate  the  new  data  center 
[QuickLink  27679]. 


Symantec  Fixes 
Software  Flaw 

Symantec  Corp.  issued  a  patch 
designed  to  fix  a  memory-alloca¬ 
tion  flaw  in  its  Norton  Internet  Se¬ 
curity  2003  software  suite.  The 
flaw  could  cause  e-mail  messages 
to  be  deleted  before  they  reach 
end-user  in-boxes.  The  problem 
involves  the  antispam  portion  of 
the  software,  according  to  Cuper¬ 
tino,  Calif.-based  Symantec 
[QuickLink  34291], 


Sun  Still  Mulling 
Software  Pricing 

Jonathan  Schwartz,  executive 
vice  president  of  Sun  Microsys¬ 
tems  Inc.'s  software  unit,  said  the 
company  still  hasn’t  decided  how 
to  charge  users  who  want  to  buy 
more  functional  versions  of  the 
middleware  products  it  plans  to 
bundle  with  Solaris.  Sun  will  in¬ 
clude  ...  triad-functionality  ver¬ 
sion  its  Open  Net  Environment 
pro;  is  <n  the  next  release  of  the 
operating  system,  he  said. 


P&G  Kills  Single-Vendor 
Negotiations  With  EDS 


Consumer  goods  company  will  instead 
seek  multiple  smaller  outsourcing  deals 


BY  TODD  R.  WEISS 

ROCTER  &  GAMBLE 
Co.’s  quest  for  a  multi- 
billion-dollar  IT  and 
business  operations 
outsourcing  deal  took  yet  an¬ 
other  twist  last  week,  as  the 
consumer  products  maker  dis¬ 
closed  that  it’s  giving  up  on 
trying  to  reach  an  agreement 
with  a  single  vendor. 

P&G  had  been  negotiating  a 
contract  with  Electronic  Data 
Systems  Corp.  that  was  ex¬ 
pected  to  be  worth  as  much  as 
$10  billion  over  10  years.  But 
P&G  spokeswoman  Linda  Ul- 
rey  said  the  Cincinnati-based 
company  now  plans  to  pursue 
a  series  of  smaller  deals  with 
multiple  outsourcing  vendors. 

“We’re  going  to  continue  to 
look  at  outsourcing  opportuni¬ 
ties,”  Ulrey  said.  “What  we’ve 
done  is  modify  our  approach.” 


When  asked  if  the  weak 
third-quarter  financial  results 
EDS  reported  last  month  influ¬ 
enced  P&G’s  decision,  Ulrey 
acknowledged  that  a  warning 
issued  by  EDS  “caused  us  to 
pause  and  look  at  the  whole 
market.  The  dynamics  there 
are  changing  very  rapidly.” 

Pieces  of  the  Pie 

P&G  had  already  slowed  down 
the  pace  of  its  talks  with  EDS 
after  the  two  companies  ini¬ 
tially  indicated  they  were  just 
days  away  from  finalizing  a 
deal  [QuickLink  33410].  De¬ 
spite  last  week’s  development, 
EDS  will  still  be  invited  to 
pursue  pieces  of  the  outsourc¬ 
ing  pie  at  P&G,  Ulrey  said. 

Ken  Smalling,  a  spokesman 
for  Plano,  Texas-based  EDS, 
said  company  officials  under¬ 
stand  and  accept  P&G’s  new 


direction.  “We’re  pleased  that 
we’re  considered  by  them  to 
be  a  leading  candidate  to  sup¬ 
port  their  needs,”  he  added. 

Andrew  Efstathiou,  an  ana¬ 
lyst  at  The  Yankee  Group  in 
Boston,  said  this  kind  of  turn¬ 
about  isn’t  uncommon.  Com¬ 
panies  that  want  to  outsource 
some  of  their  business  opera- 

We’re 

going  to 
continue  to  look 
at  outsourcing 
opportunities. 
What  we’ve 
done  is  modify 
our  approach. 

LINDA  ULREY,  SPOKESWOMAN. 
PROCTOR  &  GAMBLE 


tions  along  with  IT  “have  been 
very  aggressive”  in  negotia¬ 
tions  with  vendors,  he  said. 

In  this  case,  P&G  has  been 
looking  to  sell  its  back-office 
business  operations  to  an  out¬ 
sourcing  vendor,  which  would 
likely  have  required  a  large  up¬ 
front  outlay  of  money  on  the 
part  of  EDS  or  another  vendor. 

P&G  has  “had  difficult  ne¬ 
gotiations  with  everybody” 
because  of  the  required  cash 
infusion,  Efstathiou  said. 

“Now  they  want  to  break  it 
up  into  smaller  pieces  so  it’s 
more  easily  digestible.” 

EDS  has  had  two  rounds  of 
negotiations  with  P&G  in  re¬ 
cent  months.  It  was  one  of  the 
original  finalists  for  the  out¬ 
sourcing  deal,  along  with  Dal¬ 
las-based  Affiliated  Computer 
Services  Inc.  (ACS).  But  EDS 
withdrew  its  proposal  in  July, 
citing  concerns  over  the  ac¬ 
quisition  price  P&G  was  seek¬ 
ing  for  its  operations. 

That  left  ACS  as  the  only 
apparent  contender.  However, 
EDS  returned  to  the  table  in 
September,  and  ACS  took  it¬ 
self  out  of  the  running.  Lesley 
Pool,  chief  marketing  officer 
at  ACS,  last  week  declined  to 
comment  on  P&G’s  decision 
to  seek  multiple  deals.  I 


Dell  Targets  HP  With 
Pocket  PC  Handheld 


BY  BOB  BREWIN 

Dell  Computer  Corp.  plans  to 
introduce  a  low-priced  Pocket 
PC  handheld  computer  at  next 
week’s  Comdex/Fall  2002 
trade  show  in  Las  Vegas  as 
part  of  a  bid  to  extend  its 
reach  into  the  corpo¬ 
rate  IT  market. 

Analysts  said  Dell’s 
entry  into  the  hand¬ 
held  market  is  also  de- 


COMDEX 

PREVIEW 


signed  to  put  added  pressure 
on  Hewlett-Packard  Co.  HP 
has  been  selling  devices  based 
on  Microsoft  Corp.’s  Pocket 
PC  operating  system  since 
early  2000  and  currently  of¬ 
fers  iPaq  devices  developed  by 
Compaq  Computer  Corp., 
which  HP  acquired  in  May. 

Dell  offered  a  teaser  intro¬ 


duction  to  its  Axim  X5  hand¬ 
held  on  its  Web  site  last  week. 
The  vendor  declined  to  dis¬ 
close  pricing,  except  to  say 
that  the  device  would  be  sold 
at  “unheard-of  low  prices.” 

Sam  Bhavnani,  an  analyst  at 
ARS  Inc.  in  La  Jolla, 
Calif.,  predicted  that 
Dell  will  sell  a  low-end 
version  of  the  Axim  X5 
with  Intel  Corp.’s  300- 
MHz  StrongArm  processor 
and  32MB  of  memory  for  $199. 
A  higher-end  model  with  a 
400-MHz  processor  and  64MB 
of  memory  is  expected  to  be 
priced  at  $299,  he  added. 

Bhavnani  said  Dell  has  con¬ 
tracted  with  Wistron  Corp.,  a 
subsidiary  of  Acer  Inc.  in  Tai¬ 
pei,  Taiwan,  to  manufacture 


the  Axim  X5.  Wistron  already 
makes  the  Cassiopeia  line  of 
Pocket  PCs  for  Tokyo-based 
Casio  Computer  Co.  Dell  didn’t 
return  calls  seeking  comment. 

The  prices  Dell  is  expected 
to  charge  are  well  below  the 
$500  to  $700  price  range  of 
HP’s  iPaq  line.  HP  plans  to  in¬ 
troduce  new  iPaq  models  at 
Comdex,  but  a  spokesman  de¬ 
clined  to  comment  on  the 
pricing  plan  for  the  devices. 

Alex  Slawsby,  an  analyst  at 
IDC  in  Framingham,  Mass., 
said  Dell  took  notice  of  the 
success  HP  has 
had  with  iPaq 
among  corporate 
users  and  decided 
that  it  needed  a 
handheld  of  its 
own  to  round  out 
its  hardware  line. 

But  the  low 
price  of  the  Axim 
X5  won’t  matter 
for  many  corpo¬ 


rate  IT  buyers,  Slawsby  said. 
He  predicted  that  Dell  will 
“throw  in  the  handhelds  as  a 
deal  closer”  on  sales  involving 
its  servers  and  PCs. 

Bhavnani  said  Dell  is  at¬ 
tempting  to  commoditize  yet 
another  slice  of  the  computer 
market.  But,  he  added,  “there 
is  a  lot  of  room  for  innovation 
in  this  market,”  pointing  to  the 
new  Tungsten  devices  that 
Milpitas,  Calif. -based  Palm 
Inc.  announced  last  month 
[QuickLink  33932], 

Palm,  which  uses  its  own  op¬ 
erating  system, 
also  sells  the  $99 
entry-level  Zire 
device.  For  that 
reason,  Bhavnani 
said  he  doesn’t 
expect  Dell’s  en¬ 
trance  to  put  as 
much  pressure  on 
Palm  as  it  does  on 
other  Pocket  PC 
vendors.  I 


PRICING 

Handheld  PCs 

$99 

$199-3299* 

$500-8700 

3499 

’Based  on  analysts'  predictions 


NEWS 


www.computerworld.com 


Users  Weigh  Impact 
Of  Microsoft  Case 


Many  IT  managers 
uncertain  decision 
will  bring  changes 

BY  PATRICK  THIBODEAU 

WASHINGTON 

Throughout  the  Microsoft 
Corp.  antitrust  case,  users 
have  been  divided  about  the 
wisdom  of  the  government’s 
actions.  Now,  as  the  case  pos¬ 
sibly  nears  its  end,  many  are 
mulling  its  impact. 

“I  don’t  see  this  having  a  sig¬ 
nificant  impact  on  Microsoft 
or  making  the  world  more 
competitive,”  said  Donald 
Stroud,  information  systems 
director  at  Plain  Dealer  Pub¬ 
lishing  Co.  in  Cleveland.  “The 


world  is  going  to  be  more 
competitive  when  somebody 
has  better  ideas  that  Microsoft 
can’t  take  and  run  with.” 

But  Andre  Mendes,  chief 
technology  integration  officer 
at  the  Public  Broadcasting 
Service  in  Alexandria,  Va.,  said 
he  believes  competition  is 
thriving,  with  or  without  the 
lawsuit.  “I  think  there  is  plenty 
of  evidence  in  the  marketplace 
that  innovation  has  not  been 
stifled,”  said  Mendes,  who 
pointed  to  success  stories  — 
Linux,  in  particular.  “By  and 
large,  worthwhile  and  worthy 
software  packages  are  making 
inroads.” 

After  three  months  of  hear¬ 
ings  that  ended  in  June,  U.S. 


District  Court  Judge  Colleen 
Kollar-Kotelly  on  Nov.  1  reject¬ 
ed  a  sweeping  set  of  remedies 
sought  by  nine  states  that  had 
refused  to  sign  a  Bush  admin¬ 
istration  settlement. 

The  case  isn’t  officially 
closed,  and  if  the  nonsettling 
states  decide  to  appeal,  it 
could  last  another  year  at 
least.  The  state  attorneys  gen¬ 
eral  were  occupied  with  re- 
election  last  week,  and  no  de¬ 
cision  has  been  made  on  an 
appeal,  said  Bob  Brammer,  a 
spokesman  for  Attorney  Gen¬ 
eral  Tom  Miller  of  Iowa,  one 
of  the  nonsettling  states. 

Legal  experts  say  an  appeal 
would  be  difficult.  Appeals 
courts  tend  to  give  a  lot  of  def¬ 
erence  to  trial  judges,  said 
Robert  Lande,  a  University  of 
Baltimore  law  professor,  who 
said  the  decision  is  “close  to 
appeal-proof.” 

But  that’s  not  to  say  that  the 
nonsettling  states  don’t  have 


Microsoft  Launches  Tablet 

Hardware  vendors  ready  pen-based 
devices;  early  adopters  satisfied 


BY  LINDA  ROSENCRANCE 

After  months  of  prelaunch 
publicity,  Microsoft  Corp.  last 
week  unveiled  its  Windows 
XP  Tablet  PC  Edition  operat¬ 
ing  system,  which  lets  note¬ 
book  users  work  with  a  digital 
pen  instead  of  a  keyboard. 

Nearly  two  dozen  hardware 
vendors,  including  Acer  Inc., 
Hewlett-Packard  Co.,  NEC 
Corp.  and  Toshiba  America  In¬ 
formation  Systems  Inc.,  are  set 
to  release  Tablet  PC  devices 
starting  as  early  as  this  week. 

Microsoft  officials  claimed 
that  the  advent  of  the  Tablet 
PC  represents  an  evolution  of 
the  corporate  notebook  PC, 
and  some  early  users  said  they 
think  the  technology  can  live 
up  to  the  hype  vendors  are 
generating. 

David  Methot,  contracts 
manager  at  Bechtel  National 
Inc.,  said  the  Richland,  Wash.- 
based  engineering  firm  has 
been  using  Taipei,  Taiwan- 
based  Acer’s  TravelMate  100 
to  reduce  the  amount  of  time 


it  takes  to  finalize  contracts 
with  customers. 

Methot  said  that  even 
though  Bechtel  has  a  Web- 
based  contract  management 
system,  contract  closeout  ad¬ 
ministrators  often  ran  into  de¬ 
lays  because  they  had  to  track 
him  down  to  get  his  signature 
on  hard-copy  documents.  But 
with  the  Tablet  PC,  the  admin¬ 
istrators  can  save  hours  or 
even  days  by  e-mailing  Methot 
the  documents,  which  he  signs 
electronically  and  then  sends 
back  to  them. 

Workers  are  also  using  the 
devices  to  take  handwritten 
notes  during  meetings,  saving 
the  time  it  would  take  them  to 
transcribe  notes  written  on  pa¬ 
per  into  their  PCs,  he  said. 

Tablet  PC  users  can  write 
directly  on  a  specialized  LCD 
screen  with  a  digital  pen  or,  in 
some  cases,  input  information 
using  a  traditional  keyboard 
and  mouse.  Microsoft  also 
included  a  program  called 
Microsoft  Windows  Journal, 


PC  Software 


Tablet  PC 

■  The  software  includes  the  full 
capabilities  of  Windows  XP 
Professional  Edition. 


■  Users  can  write  directly  on  an 
LCD  screen  using  a  digital  pen. 


■  Handwritten  notes  can  be 
saved  in  longhand  or  converted 
into  ASCII  text. 


■  Supported  languages  include 
English,  German,  Japanese, 
Korean  and  Chinese  (both  tra¬ 
ditional  and  simplified). 


which  allows  handwritten 
notes  to  be  stored  as  graphics 
called  digital  ink.  In  addition, 
the  software  can  convert  hand¬ 
written  notes  into  ASCII  text. 

The  Tablet  PC  devices, 
which  are  expected  to  cost 
about  $2,000,  are  designed  for 
users  who  aren’t  typically  teth¬ 
ered  to  their  desks,  such  as  in¬ 
surance  adjusters  and  field 
sales  and  service  workers. 

The  underlying  use  of  Win¬ 
dows  XP  paves  the  way  for  the 
new  technology  to  fit  into  cor- 


COMPUTERWORLD  November  11, 2002 


7 


What’s  Next? 

APPEAL?  The  nine  nonsettling 
states  could  appeal,  but  legal 
experts  say  the  chances  for  a 

successful  appeal  are  slim. 

«  ©  *  *  *  *  *  »  *  «  *«-**»*■ 

EUROPE:  This  is  Microsoft’s 
most  significant  threat;  antitrust 
authorities  are  due  to  act  next 
month. 

»***a«99(!*»®*»*4l*i**9a6*»6 

PRIVATE  CASES:  Preliminary 
injunction  would  force  Windows 
Java  Virtual  Machine  distribution. 
Otherwise,  cases  may  take  years. 

grounds.  The  states  could  ar¬ 
gue  that  in  limiting  her  reme¬ 
dies,  Kollar-Kotelly  misread 
last  year’s  Court  of  Appeals 
decision  that  upheld  a  lower 
court’s  finding  that  Microsoft 
had  illegally  maintained  its 
operating  system  monopoly. 

“She  has  let  them  off  the 
hook  from  some  of  the  more 
substantial  liability  findings, 


porate  IT  infrastructures  and 
makes  it  possible  for  develop¬ 
ers  to  use  existing  tools  to 
build  Tablet  PC  applications, 
said  Kelly  Berschauer,  a  prod¬ 
uct  manager  at  Microsoft. 

Henry  King,  CIO  at  Skid¬ 
more,  Owings  &  Merrill  LLP, 
said  building  designers  at  the 
New  York-based  architectural 
firm  use  design-creation  and 
communication  software  de¬ 
veloped  by  Autodesk  Inc.  on 
HP’s  Compaq  TC  1000  tablet 
device. 

King  said  the  combination 
of  the  Tablet  PC  and  San 
Rafael,  Calif.-based  Autodesk’s 
application  lets  users  sketch 
out  design  concepts,  mark  up 
drawings  and  instantly  send 
changes  to  the  entire  design 
team  from  remote  locations. 

Selling  users  on  the  Tablet 
PC  technology  won’t  be  a 
short-term  slam-dunk  for  Mi¬ 
crosoft  and  its  hardware  part¬ 
ners,  said  Michael  Gartenberg, 
an  analyst  at  Jupiter  Media 
Metrix  Inc.  in  New  York  and  a 
Computer-world  columnist. 

But,  he  added,  “five  years  from 
now,  it’s  likely  that  tablet  func-  I 
tionality  will  become  part  of 
mainstream  computing,  and 
we  won’t  view  it  as  anything 
special  or  different.”  ► 


and  I  think  that  is  something 
that  will  raise  eyebrows,”  said 
Donald  Falk,  an  antitrust  at¬ 
torney  at  Mayer,  Brown,  Rowe 
&  Maw  in  Palo  Alto,  Calif. 

Some  observers  said  the 
lawsuit  may  have  changed  Mi¬ 
crosoft  for  the  better.  “There 
appears  to  be  an  effort  to  clean 
up  their  practices,  as  well  as 
their  image,”  said  Chris  Apgar, 
head  of  security  at  Providence 
Health  Plan  in  Beaverton,  Ore. 
“Whether  that  really  is  true  or 
is  a  new  coat  of  whitewash  re¬ 
mains  to  be  seen.” 

If  users  are  uncertain  about 
the  antitrust  case’s  impact,  Mi¬ 
crosoft’s  competitors  —  de¬ 
spite  the  ongoing  private  anti¬ 
trust  cases  —  seem  resigned. 

“Ultimately,  it’s  now  case 
closed,  and  it’s  back  to  creat¬ 
ing  great  products  and  letting 
the  customers  decide,”  said 
Matthew  Szulik,  CEO  and 
president  of  Linux  vendor  Red 
Hat  Inc.  in  Raleigh,  N.C. 

Makers  of  products  that  Mi¬ 
crosoft  wants  to  compete  with 
are  wary.  Microsoft  has  made 
an  aggressive  push  into  the 
development  of  mobile  phone 
software  and  operating  sys¬ 
tems  over  the  past  three  years, 
but  so  far  major  players  don’t 
feel  threatened. 

William  Plummer,  vice 
president  of  strategic  planning 
and  external  relations  at  Nokia 
Inc.  in  Irving,  Texas,  said  he 
expects  antitrust  authorities 
will  “remain  vigilant”  to  en¬ 
sure  that  any  one  company 
doesn’t  try  to  “manipulate”  the 
mobile  phone  market. 

Jon  C.  Dell’Antonia,  infor¬ 
mation  systems  director  at 
clothing  maker  OshKosh 
B’Gosh  Inc.  in  Osh  Kosh,  Wis., 
said  only  time  will  tell  what 
changes  the  lawsuit  will  bring. 
But,  he  said,  “what  did  [Micro¬ 
soft]  really  lose?  What  did 
they  get  taken  away  from  them 
that’s  really  significant?  The 
answer  I  come  up  with  is, 
‘Nothing’.”  ► 


Bob  Brewin  and  Todd  R.  Weiss 
contributed  to  this  report. 


NOT  OVER  YET 

Microsoft  still  faces  legal  actions  brought  by 
competitors  and  the  European  Commission. 

QuickLink  34231 
www.computerworld.com 


COMFUTERWORLD  November  11, 2002 


NEWS 


www.computerworld.com 


BRIEFS 


IBM  Taps  Leader  of 
‘On-Demand’  Push 

IBM  announced  in  an  internal 
memo  that  it’s  naming  Linda 
Sanford,  who  has  been  heading 
the  company’s  storage  systems 
group,  to  take  charge  of  the  “on- 
demand”  computing  initiative 
outlined  two  weeks  ago  by  CEO 
Samuel  J.  Palmisano  [QuickLink 
34091].  IBM  said  the  storage 
unit  will  be  merged  with  its  serv¬ 
er  group  effective  Jan.  1. 


WorldCom,  SEC  in 
Settlement  Talks 

WorldCom  Inc.  said  that  it’s  dis¬ 
cussing  a  settlement  of  an  inves¬ 
tigation  into  its  accounting  irreg¬ 
ularities  with  the  U.S.  Securities 
and  Exchange  Commission.  The 
company  added  that  “based  on 
very  preliminary  reviews,”  it  now 
expects  to  lower  previous  profits 
by  more  than  $9  billion.  That’s 
up  from  an  earlier  estimate  of  a 
decrease  of  S7.2  billion,  which  in 
turn  was  roughly  double  what 
WorldCom  initially  predicted. 


Cisco  Up  in  Q1,  But 
Lowers  Its  Forecast 

Cisco  Systems  Inc.  reported  its 
sixth  straight  quarter  of  improved 
financial  performance,  saying 
that  revenue  rose  9%  year-over- 
year  to  S4.8  in  its  first  quarter. 
Net  profits  totaled  $618  million 
during  the  quarter,  which  ended 
Oct.  26.  But  Cisco  predicted  that 
revenue  in  the  current  three- 
month  period  could  be  about  the 
same  as  in  the  first  quarter  or 
down  by  as  much  as  4%. 


Short  Takes 

Ottawa-based  COREL  CORP.  laid 
off  about  220  employees,  reduc¬ 
ing  its  workforce  by  22%. . . . 
IBM  announced  a  deal  to  buy 
Tarian  Software  Inc.,  an  Ottawa- 
based  developer  of  electronic 
records  management  software. 

. . .  NOVELL  INC.  released  an  up¬ 
grade  of  its  eDirectory  software 
the  ids  support  for  IBM’s  AIX 
ope.  tiling  system. 


MARK  HALL  ■  ON  THE  MARK 

IPsec,  SSL  Vendors  May 
Fumble  Security . . . 

. . .  opportunities  in  the  emerging  Web  services  world,  where  applica¬ 
tions  will  be  protected  higher  in  the  software  stack,  according  to  Bob 
Blakely,  chief  scientist  for  privacy  and  security  at  IBM’s  Tivoli  Soft¬ 
ware  unit.  Both  IPsec  and  SSL,  he  says,  don’t  use  “intuition”  like  peo¬ 
ple  do  in  protecting  systems.  He  likens  the  protocols  to  “the  British 
Army  notion  of  security,  where  they  will  defend  themselves  until  they’re 
killed.  Protection  is  not  defeating  an  enemy,  but  holding  it  off  until 
people  can  fix  the  problem,”  he  adds.  Until  Web  services  arrive  in 


force,  however,  IPsec  and  SSL  vendors  will 
continue  to  whack  each  other  with  claims 
about  the  deficiencies  of  the  other’s  ap¬ 
proach.  Evan  Kaplan,  CEO  of  Seattle- 
based  Aventail  Corp.,  touts  SSL  for  its 
ubiquity  in  browsers  and  slams  IPsec  for 
its  complexity.  Countering  is  Sweta 
Duseja,  product  marketing 
manager  at  Check  Point  Soft¬ 
ware  Technologies  Ltd.  in 
Redwood  City,  Calif.,  who 
disses  SSL  because  its  simplic¬ 
ity  is  valid  with  only  HTTP- 
based  applications;  anything 
else,  and  you’ve  got  increased 
licensing  and  installation  has¬ 
sles.  IPsec,  she  argues,  gives 
IT  better  management  control 
over  resources.  Both  compa¬ 
nies  are  doing  more  than  just 
tossing  brickbats  at  each  oth¬ 
er.  Aventail  is  readying  a  Java 
client  that  will  work  with  its 
EX-1500  security  appliance, 
adding  security  to  PDAs,  Mac¬ 
intoshes,  kiosks  and  anything 
else  that  can  run  a  Java  virtual 


machine.  It’s  now  in  beta  with  no  sched¬ 
uled  release  date,  says  Kaplan.  Not  to  be 
outdone,  Duseja  points  to  Check  Point’s 
Linux  client,  which  will  ship  before 
year’s  end.  And,  she  says,  the  company  is 
already  building  client  code  for  Apple 
Computer  Inc.’s  OS  X  for  delivery  next 
year.  ■  Web  services  may  be 
offering  a  new  methodology 
for  security,  but  the  code  you 
use  to  build  these  services 
may  be  the  most  vulnerable 
part  of  the  application,  espe¬ 
cially  if  you’re  using  Visual 
Studio  .Net.  Web  services  cre¬ 
ated  with  Microsoft  Corp.’s  de¬ 
velopment  platform  can  easily  be 
decompiled,  revealing  their 
source  code  and  thus  jeopar¬ 
dizing  intellectual  property 
as  well  as  the  program’s  se¬ 
curity  and  licensing  restric¬ 
tions.  That’s  why  at  Comdex 
next  week  Microsoft  wall  be 
bragging  about  a  deal  it 
made  with  PreEmptive  Solu¬ 
tions  Inc.  The  Cleveland- 


based  company’s  Dotfuscator,  now  avail¬ 
able  as  a  separate  tool,  will  become  part 
of  the  next  release  of  Visual  Studio  .Net, 
code-named  Everett,  in  the  first  half  of 
next  year.  Microsoft  developers  are  unac¬ 
customed  to  protecting  their  code,  says 
PreEmptive  CEO  Gabriel  Torok,  because 
Windows  apps  are  compiled  as  x86  bina¬ 
ries  —  far  more  difficult  to  reverse-engi¬ 
neer.  This  is  no  small  matter,  because 
there  are  plenty  of  tools  to  decompile 
software,  and  it’s  not  illegal.  But  it’s  not  nice. 
■  Is  your  Oracle  database  slower  than  a 
vendor’s  customer  support?  Well,  next 
April  you  can  boost  its  speed  with  Info- 
Cyclone  Inc.’s  database  accelerator  appli¬ 
ance.  The  Tel  Aviv-based  company  be¬ 
lieves  that  its  device  can  deliver  near- 
real-time  responses  even  to  the  most 
complex  business  intelligence  queries  by 
replicating  the  most  used  data  in  its  4GB 
or  16GB  memory.  ■  Online  CRM  vendors 
are  warily  waiting  for  Microsoft  to  re¬ 
lease  its  CRM  product,  which  Alex  Si¬ 
mon,  product  unit  manager,  says  will  ship 
in  “30  to  40  days.”  Keith  Raffel,  chairman 
of  UpShot  Corp.  in  Mountain  View,  Calif., 
purports  that  because  you’ll  be  able  to  li¬ 
cense  Microsoft  CRM  for  on-site  use,  as 
well  as  via  the  application  service 
provider  model  like  his  company’s  com¬ 
peting  software,  the  Redmond  giant’s  ap¬ 
proach  “will  not  be  a  true  Web  service.” 
Simon  says  that’s  not  so.  “All  of  it  is  .Net- 
aware,”  he  claims.  The  UpShot  software, 
which  is  built  on  .Net  technology,  goes 
live  next  week.  The  vendor  hopes  that 
the  software’s  “gangbuster  growth”  will 
get  a  boost  from  its  tight  integration  with 
Microsoft  Outlook.  Raffel  is  also  betting 
that  Microsoft’s  entry  will  boost  overall 
interest  by  midsize  companies  in  online 
CRM.  No  doubt.  According  to  Simon,  Mi¬ 
crosoft  will  be  spending  tens  of  millions 
of  dollars  to  promote  the  new  software. 

As  if  we  don’t  hear  from  them  enough.  I 


Ready  &  Waiting 


Linux  applications 
packager  Cybernet 
Systems  Corp.  today 
releases  NetMAX 
Web  Mail  and  Net¬ 
MAX  Store,  an 
e-commerce  store¬ 
front. 

Expand  Beyond  Corp. 

today  ships  Pocket- 
DBA  2.0  with  en¬ 
hanced  Oracle  fea¬ 
tures  as  well  as  new 
support  for  Microsoft 
SQL  Server  and 
IBM’s  DB2. 


Verizon  Seeks  to  Move 
Beyond  Local  Networks 


Plans  to  offer 
IP-based  services 


BY  MATT  HAMBLEN 

Verizon  Communications  last 
week  said  that  it  plans  to  court 
large  corporate  users  with  IP- 
based  voice,  data  and  network 
management  services,  as  a  re¬ 
sult  of  its  expanding  long-dis¬ 
tance  footprint. 

The  New  York-based  tele¬ 


communications  carrier  last 
month  won  approval  from  the 
U.S.  Federal  Communications 
Commission  to  offer  long-dis¬ 
tance  services  in  Virginia,  and 
a  spokesman  for  Verizon  said 
it  expects  to  receive  similar 
approvals  for  Maryland,  West 
Virginia  and  Washington  by 
next  April. 

The  FCC  approvals  should 
help  the  company  become  a 
national  network  operator, 


Verizon  CEO  Ivan  Seidenberg 
said  during  a  conference  call. 

Verizon’s  business  is  largely 
based  in  the  Northeast  now. 
But  the  company  said  it  plans 
to  set  up  an  IP-based  network 
backbone  along  the  Interstate 
95  corridor  between  Virginia 
and  Massachusetts  within  a 
year  and  then  add  connections 
to  its  business  operations  in 
Dallas,  Los  Angeles,  Seattle 
and  Tampa,  Fla. 

The  full  rollout  is  due  to  be 
completed  during  the  next  18 
months.  Verizon  said  it  will  of¬ 
fer  voice  and  data  networking 
as  well  as  services  such  as  net¬ 
work  management  and  data 


storage,  business  recovery,  se¬ 
curity  and  remote  access. 

Jeff  Kagan,  an  independent 
analyst  in  Atlanta,  said  that 
Verizon  is  positioning  itself  to 
be  like  AT&T  Corp.  and  other 
national  carriers  by  emphasiz¬ 
ing  managed  network  services, 
not  just  long-distance  voice. 

Bill  Moore,  telecommunica¬ 
tions  manager  at  the  Museum 
of  Modern  Art  in  New  York, 
said  he  hopes  the  expanded 
strategy  means  he  will  get  bet¬ 
ter  treatment  from  Verizon.  “I 
have  three  different  Verizon 
reps  in  three  states,  so  maybe 
this  means  I’ll  now  only  have 
one  to  deal  with,”  he  said.  I 


FREE  White 


Kf  i  iiriHMr/  ii 


Data  Cenmr  imrasiniciurtj 

Just  mail  or  fax  this  completed 
coupon  or  contact  APC  for  your 
FREE  white  paper  -  Avoiding 
Costs  from  Oversizing  Data 
Center  Infrastructure  Better 
yet,  order  it  today  at  the  APC 
Web  site!  You  will  also  receive  a 
free  PowerStruXure”  CD: 
"Presenting  PowerStruXure". 

http://promo.  apc.com 


Key  Code 
h487y 


(888)  289-APCC  x2538  •  FAX:  (401 )  788-2797 


Legendary  Reliability" 


rnrri 


I  Airnirlinn  P note  from  fliforcivinn 


i  mm 


uaia  uciiici  iimadLiutiuic 


■  s 


XTrS t? 

out  Of®*® 

LcooWqutaW 

today-  J 


I  I  Ybs!  Send  me  more  information  via  e-mail  and  sign  me  up  for  APC  PowerNews  e-mail  newsletter.  |  Key  Code  h487y  | 
What  type  of  availability  solution  do  you  need? 

□  UPS:  0-16kVA  (Single-phase)  □  UPS:  10-80kVA  (3-phase  AC)  □  UPS:  80+  kVA  (3-phase  AC)  □  DC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management 

□  Cables/Wires  □  Mobile  Protection  □  Surge  Protection  □  UPS  Upgrade  □  Don't  know 
Purchase  timeframe?  □<  1  Month  □  1-3  Months  □  3-12  Months  □  1  Yr.  Plus  □  Don't  know 
You  are  (check  1):  □  Home/Home  Office  □  Business  (<1000  employees)  □  Large  Corp.  (>1000  employees) 

□  Gov't,  Education,  Public  Org.  □  APC  Sellers  &  Partners 

©2002  APC.  All  trademarks  are  the  property  of  their  owners.  PSX3A2EB-USb_2c  •  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 


BUSINESS  REPLY  MAIL 

FIRST-CLASS  MAIL  PERMIT  NO.  36  WEST  KINGSTON  Rl 


POSTAGE  WILL  BE  PAID  BY  ADDRESSEE 

APC 

ATTENTION  CRC:  h487y 
Department:  B 
132  FAIRGROUNDS  ROAD 
PO  BOX  278 

WEST  KINGSTON  Rl  02892-9920 


NO  POSTAGE 
NECESSARY 
IF  MAILED 
IN  THE 

UNITED  STATES 


HP/COMPAQ  •  SUN  •  IBM 


DELL  •  CISCO  •  LUCENT 


Pay  as  you  grow  with  new  PowerStruXure™ 

Manageable.  Modular.  Pre-engineered. . 

From  IkW  to  5MW,  PowerStruXure  architecture  provides  a  patent-pending,  integrated 
approach  to  building  data  center  infrastructure  utilizing  standardized,  pre-assembled 
components. 


"...  I  enjoy  the  fact  that  I  can 
buy  only  what  I  need  now 
and  add  to  it  later  only  when 
I  need  to. " 

Michael  Touchstone, 

Manager  of  Energy 
Conservation, 

Cox  Communications 


PowerStruXure's  scalable,  modular  design  lets  you  build  out  capacity  only  as  it's 
required.  You  can  also  easily  adapt  to  the  ever-changing  requirements  of  your  server 
room  or  data  center,  proactively  manage  the  physical  layer  of  your  network  infrastruc¬ 
ture,  and  increase  your  system  availability  per  dollar. 


"PowerStruXure's  Integration  is  an  example 
of  thoughtful  design,  taking  many  of  the 
costly,  disparate  environmental  systems  in 
a  data  center  and  unifying  them...." 


Best  of  all,  you  will  never  be  boxed  in  by  pro¬ 
prietary  solutions.  PowerStruXure  is  vendor- 
neutral  and  compatible  with  all  major  server 
and  internetworking  platforms,  including 
HP/Compaq,  Dell,  IBM,  Sun,  Alcatel,  Cisco, 
Nortel,  Ericsson,  and  Siemens. 

Find  out  today  why  experts  and  users  agree: 
you  no  longer  need  to  design  your  data 
center  using  an  outmoded  approach. 


Winner  of  the  Windows  and  .Net  Magazine  "2002 
Reader's  Choice  Award  for  Best  High  Availability 
Solution"  and  the  GCN  "Best  New  Technology  Award" 
at  FOSE,  March  2002. 


Greg  Tally,  Broadband  Editor 
Boardwatch  Magazine 


Legendary  Reliability  " 


Planning  a  data  center  is  easy!  Try  our  online  configurator  today! 

or  download  a  FREE  White  Paper:  "Avoiding  Costs  from  Oversizing  Data  Center  Infrastructure" 

Visit  http://promo.apc.com  Key  Code  h487y  •  Call  888-289-APCC  x2538  •  Fax  401-788-2797 

©2002  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners  •  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  •  PSX3A2EF-USg 


fSilpS 


Recognize  any  of  those  issues?  Or,  perhaps,  all  of  them?  We 
thought  so.  That’s  why  we’ve  made  Microsoft®  Windows®  XP 
Professional  and  Microsoft  Office  XP  Professional  the  most 
reliable  desktop  we’ve  ever  built.  Want  specific  examples? 


IVIanaging  desktop  reliability  can  be  challenging 
That’s  why  there’s  Windows  XP  and  Office  XP. 


mp 

j-: 


Windows  XP  Professional  has  an  average  system  uptime  that  is 
10  times  better  than  Windows  98  SE,  and  3  times  better  than 
Windows  NT  4.0,  so  there  are  fewer  work  stoppage  incidents. 
With  AutoRecovery,  Office  XP  Professional  automatically  saves 


the  current  document,  spreadsheet,  or  presentation  at  the  time 
an  application  stops  responding,  so  users  don’t  lose  all  their  work 
(and  don't  call  the  helpdesk  looking  for  it).  Want  more  reasons  to 
upgrade?  Visit  microsoft.com/desktop 


COfcSPUTERWORLO  November  11, 2002 


NEWS 


Senate  May  Take  New 
Tack  on  Tech  Issues 


Fate  of  opt-in  effort  in  doubt;  stronger 
support  for  banking  privacy  possible 


BY  PATRICK  THIBODEAU 

WASHINGTON 

Republican  control 
of  both  houses  of 
Congress,  and  the 
leadership  changes 
it  will  bring  about,  could  deter 
efforts  to  bring  opt-in  privacy 
protections  to  online  com¬ 
merce.  However,  Capitol  Hill’s 
approach  to  other  privacy 
issues  may  not  change. 

The  bid  to  allow  the  sharing 
of  personal  information  only 
if  consumers  actively  agree  to 
it,  known  as  opt-in,  has  been 
strongly  opposed  by  the  tech¬ 
nology  industry  but  champi¬ 
oned  by  Sen.  Ernest  “Fritz” 
Hollings  (D-S.C.),  the  current 
chairman  of  the  Senate  com¬ 
merce  committee.  That  has 
the  technology  industry  wel¬ 
coming  the  return  of  Sen.  John 
McCain  (R-Ariz.)  as  chairman 
of  the  key  committee. 

“McCain  is  certainly  more 
tech-industry-sensitive  then 
Hollings,”  said  John  Pala- 
foutas,  vice  president  of  the 
AEA,  an  electronics  trade 
group  in  Washington.  But 
Hollings  “is  still  a  force  to  be 
contended  with,  and  for  any¬ 
thing  to  happen  in  that  com¬ 
mittee,  Sen.  McCain  is  going 
to  need  Hollings’  coopera¬ 
tion,”  Palafoutas  said. 

The  differences  between 
McCain  and  Hollings  on  pri¬ 
vacy  are  clear;  McCain  has 
previously  backed  the  more 
passive  opt-out  approach  to 
privacy  legislation. 

Smoother  Transition 

While  the  Senate  commerce 
committee  will  likely  shift  in 
s  approach,  the  same  can’t 
said  for  the  Senate  banking 
nmittee,  which  is  expected 
to  ;ake  up  renewal  of  the  state 
,  reemption  provisions  of  the 
.  ivacy  protections  in  the  Fair 
.  edit  Reporting  Act  (FCRA). 


The  FCRA  allows  sharing 
of  certain  kinds  of  data  among 
business  affiliates;  states  are 
prohibited  from  setting  their 
own  data-sharing  rules.  The 
provision,  which  expires  at  the 
end  of  next  year,  has  the  po¬ 
tential  to  become  the  leading 
financial  privacy  issue  of  2003. 

In  this  case,  a  change  in  lead¬ 
ership  may  not  make  a  differ¬ 
ence.  Sen.  Paul  Sarbanes  (D- 
Md.),  the  chairman  of  the 
banking  committee,  may  be 
replaced  by  Sen.  Richard  Shel¬ 
by  (R-Ala.),  also  a  strong  advo¬ 
cate  of  privacy  protections. 

“Shelby  is  one  of  the  most 
ardent  pro-privacy  senators  of 
either  party,”  said  Evan  Hen- 


Offer  access  to 
corporate  nets 
from  any  computer 


BY  MATT  HAMBLEN 

Financial  conglomerate  Foews 
Corp.  next  week  will  begin  the 
second  phase  of  a  clientless 
virtual  private  network  (VPN) 
rollout  to  give  remote  users 
access  to  its  internal  network. 

The  adoption  of  emerging 
clientless  VPN  technology  by 
New  York-based  Foews  means 
that  users  won’t  need  to  load 
a  VPN  client  on  a  remote  PC, 
giving  them  secure  access  to 
e-mail  and  corporate  docu¬ 
ments  from  any  computer. 

Analysts  described  client¬ 
less  VPNs,  often  dubbed 
Secure  Sockets  Layer (SSL) 
VPNs,  as  a  relatively  new  of¬ 
fering  being  delivered  in  the 
past  three  months  by  many 
networking  providers. 

“What  intrigued  us  was  that 
it  meets  our  goal  to  get  e-mail 


dricks,  editor  and  publisher 
of  “Privacy  Times.”  “Privacy 
is  in  much  better  shape  [in  the 
banking  committee]  than  any¬ 
where  else.” 

But  the  Senate  commerce 
committee  has  been  the  key 
committee  for  technology 
legislation.  It  was  there  that 
Hollings  began  his  effort  to 
force  technology  suppliers  to 
build  mechanisms  into  their 
products  to  stop  piracy. 

That  measure  has  already 
faced  problems.  “If  it  wasn’t 
already  going  nowhere,  I  think 
with  the  Republican  control  of 
the  Senate,  it  would  be  [more 
likely  to  go  nowhere],”  said 
Rhett  Dawson,  president  of  the 
Information  Technology  In¬ 
dustry  Council  in  Washington. 

The  Republicans  “are  even 
less  enthusiastic  about  having 


access  from  an  Internet  cafe 
in  Istanbul  or  anywhere,”  said 
A1  Alexander,  manager  of  the 
Loews  information  center. 

Avoiding  the  need  to  install 
VPN  clients  was  essential 
for  the  company  because  it 
has  several  subsidiaries  and 
18  Lotus  Notes  servers  nation¬ 
wide,  Alexander  said. 

“It’s  a  good  way  for  consoli¬ 
dating  control  without  a  lot  of 
overhead,”  he  added.  “It’s  the 
most  secure  thing  we’ve  been 
able  to  come  up  with  at  this 
point  that  allows  access  from 
any  computer.” 

More  Access  Soon 

Loews  began  using  the  client¬ 
less  VPN  from  Whale  Com¬ 
munications  Ltd.  in  Fort  Lee, 
N.J.,  this  past  summer,  enabling 
200  users  to  access  e-mail. 
Starting  next  week,  Loews  will 
allow  users  to  access  its  cor¬ 
porate  intranet  for  informa¬ 
tion  such  as  human  resources 
policies  and  notices. 

Conventional  VPNs,  which 


Clientless  VPNs  Gain  Steam 


Congress  get  in  the  middle  of 
technology  choices”  than  the 
Democrats,  said  Dawson. 

IT  industry  officials,  how¬ 
ever,  said  no  bills  will  get 
passed  without  Democratic 
support,  particularly  because 
of  the  Senate’s  60-vote  rule. 

Ari  Schwartz,  associate 
director  of  the  Washington- 
based  Center  for  Democracy 
and  Technology,  said  McCain 
worked  to  get  bipartisan  pri¬ 
vacy  legislation  adopted,  and 
he  believes  that  debate  will 
resume.  “A  significant  number 
of  members  . . .  are  for  stronger 
privacy  rules,”  he  said. 

Technology  associations 
and  business  trade  groups 
have  supported  opt-out  laws 
because  consumers  often 
don’t  take  advantage  of  them 
[QuickLink  29879],  For  exam¬ 
ple,  the  1999  Gramm-Leach- 
Bliley  financial  modernization 
act  includes  a  number  of  opt- 
out  privacy  protections. 

Gramm-Leach-Bliley  gives 
customers  the  right  to  stop 
financial  services  firms  from 
selling  or  sharing  their  per- 


create  a  virtual  tunnel  in  a  net¬ 
work  with  encryption  technol¬ 
ogy,  require  software  clients 
on  remote  machines  and  are 
often  coupled  with  corporate 
firewalls,  analysts  noted. 

The  global  VPN/firewall 
market  is  approaching  $3  bil¬ 
lion  this  year  and  will  hit  $5  bil¬ 
lion  in  2005,  said  Jeff  Wilson, 
director  of  Infonetics  Research 
Inc.  in  San  Jose.  For  the  new 
clientless  VPN  category,  which 


HOW  IT  WORKS 

Clientless  VPNs 

1.  The  remote  user  initiates 
access  to  e-mail  and  other  ap¬ 
plications  inside  the  company 
intranet  from  any  computer. 

2.  The  user’s  request  hits  the 
SSL  VPN  gateway  outside  the 
company  firewall.  Authentica¬ 
tion  is  then  required, 

3.  For  authorized  users,  the 
gateway  strips  off  packet  head¬ 
er  information,  passing  only  the 
payload  across  the  firewall  and 
then  re-creating  the  packet  flow 
on  the  other  side  for  e-mail  and 
intranet  access. 


www.computerworld.com 


Republican  Rule 

These  Senate  leadership  changes 
could  affect  privacy  legislation: 


■  Commerce  committee 
chairman  Sen.  Ernest  “Fritz” 
Hollings  (D-S.C.)  favors  the  opt- 
in  approach  to  sharing  con¬ 
sumers’  personal  information 
with  third  parties.  Sen.  John 
McCain  (R-Ariz.),  the  returning 
chairman,  prefers  opt-out. 

■  With  Sen.  Phil  Gramm 
(R-Texas)  retiring,  the  path  is 
clear  for  the  banking  committee’s 
two  most  ardent  privacy  advo¬ 
cates  to  make  changes.  Sen. 
Richard  Shelby  (R-Ala.),  who 
may  become  the  next  chairman, 
wants  strong  privacy  protections, 
as  does  Sen.  Paul  Sarbanes 
(D-Md.),  the  current  chairman. 


sonal  data  with  third  parties. 
All  that  customers  have  to  do  is 
opt  out.  But  critics  charge  that 
the  privacy  notices  are  full  of 
legal  jargon  and  fine  print  and 
are  difficult  to  understand. 
Less  than  5%  of  customers  opt 
out  of  data  sharing.  I 


usually  involves  installing 
a  gateway  device,  the  market 
will  hit  $56  million  this  year 
and  is  expected  to  reach 
$986  million  in  2005,  he  said. 

Wilson  said  a  “ton  of  play¬ 
ers”  are  already  making  the 
gateways,  including  major 
vendors  such  as  Nortel  Net¬ 
works  Ltd.  in  Brampton,  On¬ 
tario,  and  Check  Point  Soft¬ 
ware  Technologies  Ltd.  in 
Redwood  City,  Calif.  He  listed 
eight  smaller  vendors  as  well. 

Most  of  the  products  func¬ 
tion  as  proxy  devices  that  sit 
in  front  of  a  corporate  firewall. 
“The  downside  of  these  is  that 
you  can’t  access  all  legacy  ap¬ 
plications,”  Wilson  said.  But 
clientless  VPNs  are  a  good 
complement  to  IPsec  VPNs, 
and  many  large  companies 
will  use  both,  he  said. 

Whale’s  e-Gap  Remote 
Access  Appliance  provides 
centralized  encryption  at  the 
firewall,  applying  one  SSL 
certificate  for  each  outgoing 
data  stream.  Incoming  data 
is  scanned  with  two-factor 
authentication.  Pricing  starts 
at  $23,000.  > 


So  many  network  applications. 
So  little  throughput. 

It’s  time  for  Gigabit  to  the  desktop. 


The  surge  in  network  applications  has  caused  bottlenecks  on  desktops  everywhere.  The  solution?  Help  your 
organization  tackle  all  those  network  backups,  remote  software  distributions  and  massive  file  downloads  by 
providing  an  equally  massive  increase  in  throughput.  With  the  Intel®  PRO/IOOO  MT  Desktop  Connection, 
you’ll  benefit  from  10  times  the  throughput.  Other  advantages:  a  Gigabit  connection  works  on  an  existing 
10/100  Mbps  Cat-5  network,  and  will  seamlessly  ramp  up  to  1000  Mbps.  When  this  Gigabit  connection 
is  combined  with  the  Intel®  Pentium®  4  processor,  studies  have  demonstrated  a  significant  boost  in  desktop 
performance.  Intel,  the  leader  in  desktop  connections,  makes  multi-tasking  less  of  a  task  —  cost-effectively 
and  without  any  need  for  expensive  rewiring.  Intel®  PRO  Network  Connections.  The  intelligent  way  to  connect. 


int@l. 

For  a  trial  kit,  product  and  test  information:  www.intel.com/go/desktopgig 

C-2002  Intel  Corporation.  Intel  is  a  registered  trademark  of  Intel  Corporation  or  »ts  subsidiaries  »n  tt>e  United  States  and  other  countries  All  nghts  re.se* 


COMPUTERWORLD  November  11, 2002 


NEWS 


www.computerworld.com 


Oracle  Prepares  to  Boost  Tools 
For  Database  Management 


Enterprise  Manager  upgrade  aims  to 
broaden  its  administrative  capabilities 


BY  MARC  L.  SONGINI 

RACLE  CORP.  is 
moving  to  central¬ 
ize  systems  man¬ 
agement,  monitor¬ 
ing  and  performance-analysis 
operations  for  users  of  its 
databases  and  middleware. 

At  its  OracleWorld  con¬ 
ference  in  San  Francisco  this 
week,  Oracle  plans  to  an¬ 
nounce  the  latest  version  of 
its  Enterprise  Manager  soft¬ 
ware.  Company  officials  said 
Version  4.0  will  let  IT  staffers 
proactively  monitor  their  en¬ 
tire  Oracle  database  installa¬ 
tions,  from  the  underlying 
hardware  to  end-user  devices. 

“Right  now,  when  people 
look  at  performance,  they  look 
at  the  systems  but  don’t  see  it 


from  an  end-user  perspective,” 
said  Rene  Bonvanie,  vice  pres¬ 
ident  of  marketing  for  Ora- 
cle9i  products.  But,  he  added, 
the  Enterprise  Manager  up¬ 
grade  will  let  administrators 
monitor  complete  technology 
stacks  without  having  to  cob¬ 
ble  together  multiple  manage¬ 
ment  applications. 

Version  4.0  will  also  add  the 
ability  to  view  various  perfor¬ 
mance  benchmarks,  such  as 
query  response  times,  through 
a  single  user  interface,  Bonva¬ 
nie  said.  In  addition,  it  can 
track  what  software  patches  a 
user  has  installed  and  how 
well  they’re  performing. 

Arthur  Meacham,  computer- 
assisted  dispatch  system 
administrator  for  the  Caddo 


More  to  Come 


At  the  OracleWorld  conference, 
Oracle  will  also: 

ANNOUNCE  a  free  grid  comput¬ 
ing  developer's  kit  that  includes  a 
set  of  open-source  tools  created 
by  the  Globus  Project. 

SHOWCASE  the  performance 
of  its  software  on  Linux  servers, 
including  the  ability  to  cluster 
Linux-based  databases. 

DETAIL  plans  to  add  interactive 
features  to  its  collaboration  soft¬ 
ware,  which  was  released  last 
month  and  includes  unified  mes¬ 
saging  and  calendaring  tools. 

Parish  9-1-1  District  in  Shreve¬ 
port,  La.,  says  the  new  capabil¬ 
ities  in  Version  4.0  sound  ap¬ 
pealing.  The  public-safety 
agency  uses  an  Oracle8.1.7 
database  running  on  a  Win¬ 
dows  NT  server  to  support 


the  routing  of  police  and  fire 
calls  and  the  dispatching  of 
emergency  vehicles.  It  also 
uses  the  Oracle9i  application 
server  and  portal  software  to 
make  information  available  to 
the  public  on  its  Web  site. 

“I’m  the  sole  DBA  at  my 
site,  and  it’s  my  responsibility 
to  keep  up  with  performance,” 
Meacham  said.  A  centralized 
interface  would  make  that 
process  much  simpler,  he 
added.  Meacham  currently 
uses  Enterprise  Manager  2.2 
to  handle  database  analysis 
and  other  functions. 

“Certainly,  anything  to  inte¬ 
grate  the  tools  even  more 
would  be  welcome,”  said  Dan 
Vlamis,  president  of  Vlamis 
Software  Solutions  Inc.,  a  Lib¬ 
erty,  Mo.-based  Oracle  consul¬ 
tancy.  Vlamis  is  also  president 
of  the  business  intelligence 
special-interest  group  within 


SAP  to  Push  New  Strategy 
For  Cross-Applications 


BRIEFS 


CSC  Close  to  New 
Outsourcing  Deal 

Computer  Sciences  Corp.  (CSC) 
said  it’s  in  final  negotiations  for 
an  IT  outsourcing  contract  with 
the  rail  equipment  manufactur¬ 
ing  unit  of  Montreal-based  Bom¬ 
bardier  Inc.  The  deal  is  expected 
to  take  effect  in  February  and 
could  be  worth  more  than  $670 
million  over  seven  years,  El  Se- 
gundo,  Calif.-based  CSC  said. 


Brocade  Strikes 
Back  at  Cisco 

Brocade  Communications  Sys¬ 
tems  Inc.  agreed  to  buy  Rhapsody 
Networks  Inc.,  a  Fremont,  Calif.- 
based  maker  of  multiprotocol 
storage  switches,  for  about  $175 
million  in  stock.  The  deal  is  seen 
as  a  couuterstrike  by  San  Jose- 
based  Brocade  in  reaction  to  Cis¬ 
co  Systems  Inc.’s  planned  acqui¬ 
sition  of  Andiamo  Systems  Inc. 


Software  links 
multiple  systems 

BY  MARC  L.  SONGINI 

At  its  developer’s  conference 
this  week,  SAP  AG  will  try  to 
sell  users  on  the  value  of  a 
new  cross-applications  initia¬ 
tive  designed  to  support  the 
creation  of  repeatable  busi¬ 
ness  processes  that  can  run 
over  disparate  applications. 

SAP  plans  to  use  the  TechEd 
’02  conference  in  New  Orleans 
to  run  a  series  of  workshops 
on  the  cross-applications  tech¬ 
nology.  The  software  vendor 
will  also  announce  that  it  has 
signed  on  some  key  systems 
integrators  to  support  the 
xApps  initiative,  including 
Accenture  Ltd.  and  Deloitte 
Consulting. 

The  xApps  strategy  was  an¬ 
nounced  in  June,  and  SAP  is 
due  to  release  an  initial  prod¬ 


uct  next  month  (see  box).  The 
cross-applications  “are  a  way 
of  helping  customers  to  de¬ 
ploy  new  software  solutions 
without  replacing  existing  sys¬ 
tems,”  said  Peter  Graf,  vice 
president  of  market  strategy 
at  SAP. 

For  example,  Graf  said  that 
Calgary,  Alberta-based  elec¬ 
tricity  generator  TransAlta 
Corp.  has  deployed  an  early 
version  of  a  third-party  xApp 
application  that’s  aimed  at  im¬ 
proving  plant  operations  man¬ 
agement.  The  software  lets 
end  users  in  maintenance, 
operations  and  engineering 
share  information  across  vari¬ 
ous  technology  platforms  to 
address  equipment  malfunc¬ 
tions  or  changes  in  order 
scheduling. 

TransAlta,  which  uses  SAP’s 
R/3  enterprise  resource  plan¬ 
ning  software,  has  gone  live 
with  the  xApp  at  one  plant  in 


Washington  state  thus  far,  said 
Paul  Kurchina,  the  company’s 
manager  of  program  manage¬ 
ment.  Lie  added  that  TransAlta 
plans  to  extend  the  applica¬ 
tion  to  its  other  plants  during 
the  next  18  months. 

Built-in  Connections 

The  software  is  being  co¬ 
developed  by  SAP  and  NRX 
Global  Corp.,  a  Toronto-based 
IT  systems  and  services  ven- 

SAP’s  xApps 

■  The  cross-applications  envi¬ 
sioned  by  SAP  will  include 
built-in  hooks  to  a  mix  of  sys¬ 
tems  so  users  can  avoid  the  need 
for  point-to-point  connections. 

■  SAP  by  year’s  end  plans  to 
ship  a  resource  and  program 
management  xApp  that’s  de¬ 
signed  for  use  in  managing  com¬ 
plex  IT  and  research  projects. 

■  The  company  is  also  working 
on  an  xApp  to  support  merger- 
related  financial  and  budgeting 
work  that  requires  data  feeds 
from  different  systems. 


the  Chicago-based  Interna¬ 
tional  Oracle  Users  Group. 

He  noted  that  how  well  Ora¬ 
cle’s  message  sells  may  de¬ 
pend  on  the  audience.  Many 
database  administrators  will 
be  interested  in  simplifying 
management  routines,  Vlamis 
predicted.  But  higher-level  IT 
executives  often  don’t  take 
ease  of  management  into  con¬ 
sideration,  he  added. 

IBM  is  building  self-tuning 
and  self-management  capabili¬ 
ties  into  an  upgrade  of  its  DB2 
database  that’s  due  out  late 
this  month,  and  Microsoft 
Corp.  claims  to  have  embed¬ 
ded  similar  features  in  its  SQL 
Server  software. 

But  Wayne  Kernochan,  an 
analyst  at  Aberdeen  Group 
Inc.  in  Boston,  said  IBM  and 
Microsoft  separate  database 
administration  from  systems 
management.  Oracle’s  com¬ 
bined  approach  could  help 
companies  that  have  database 
administrators  managing  mul¬ 
tiple  installations  of  its  data¬ 
bases,  but  it  may  not  be  as  ap¬ 
pealing  to  users  with  multi¬ 
vendor  software,  he  added.  > 


dor  that’s  also  hosting  the  ap¬ 
plication  for  TransAlta.  The 
technology  includes  built-in 
connections  for  accessing  var¬ 
ious  databases,  drawings, 
manuals  and  documents.  The 
cost  and  challenges  of  build¬ 
ing  those  links  internally 
would  have  been  prohibitive 
for  TransAlta,  Kurchina  said. 

“It  came  together  to  take  out 
a  lot  of  different  pain  points,” 
he  said,  adding  that  a  role- 
based  portal  lets  end  users  get 
alerts  and  information  without 
even  seeing  the  various  appli¬ 
cations  they’re  accessing. 

SAP  officials  said  NRX 
plans  to  sell  the  plant  opera¬ 
tions  xApp  more  widely,  but  a 
shipment  date  hasn’t  been  set. 

SAP’s  strategy  of  getting 
users,  integrators  and  other 
vendors  on  board  to  develop 
xApps  is  sensible,  said  Joshua 
Greenbaum,  an  analyst  at  En¬ 
terprise  Applications  Consult¬ 
ing  in  Daly  City,  Calif.  “The 
potential  number  of  xApps  is 
more  than  SAP  [alone]  could 
bring  to  market  in  the  next  18 
months,”  he  said.  I 


www.computerworld.com 


COMPUTERWORLD  November  11, 2002 


AOL  Takes  AIM  at  Corporate 
Instant  Messaging  Users 


Security,  control 
enhancements  for 
businesses  added 


BY  TODD  R.  WEISS 

America  Online  Inc.  last 
week  unveiled  security  and 
control  features  designed  to 
give  its  widely  used  AOL  In¬ 
stant  Messenger  (AIM)  prod¬ 
uct  the  teeth  it  needs  for  cor¬ 
porate  use. 

Dulles,  Va.-based  AOL  said 
its  Enterprise  AIM  Services 
(EAS)  will  give  IT  administra¬ 
tors  more  control  over  instant 
messaging  (IM)  use,  along 
with  long-desired  security  and 
auditing  features  critical  for 
business  use. 

The  EAS  package  will  in¬ 
clude  AIM  Enterprise  Gate¬ 
way,  which  is  to  be  installed 
behind  a  company’s  firewall  to 
help  provide  tighter  control 
over  incoming  and  outgoing 
messages.  Also  being  offered  is 
an  optional  Private  Domain 
Service,  which  features  feder¬ 
ated  authentication  to  allow 
companies  to  centrally  manage 
users  through  their  existing 
corporate  server  directories. 

AOL  is  also  providing  devel¬ 
oper  packages  and  programs 
so  applications  can  be  written 
to  integrate  with  its  IM  client. 

Still  missing  from  the  AIM 
client  package  for  business, 
however,  are  encryption  capa¬ 
bilities,  which  are  being  worked 
on  in  beta  versions  and  are  due 
for  release  by  early  next  year. 

The  AOL  announcement 
comes  a  month  after  Yahoo 
Inc.  in  Sunnyvale,  Calif.,  be¬ 
came  the  first  major  consumer 
IM  company  to  announce  an 
enterprise  edition  of  its  IM 
software,  called  Yahoo  Mes¬ 
senger  Enterprise  Edition  1.0 
[QuickLink  33446]. 

Rather  than  redesign  a  cor¬ 
porate  IM  client  from  scratch, 
AOL  is  using  its  existing  con¬ 
sumer  IM  client  and  wrapping 
it  with  the  enterprise  services 
package,  said  Derick  Mains,  an 


AOL  spokesman.  To  add  secu¬ 
rity  and  archiving  features, 
AOL  enlisted  the  help  of  Fos¬ 
ter  City,  Calif. -based  FaceTime 
Communications  Inc.,  which 
embedded  its  technology  into 
the  AIM  client  to  provide 
needed  features,  Mains  said. 

VeriSign  Inc.  in  Mountain 
View,  Calif.,  is  also  working 
witn  AOL  to  integrate  encryp¬ 
tion  capabilities  by  next  year. 

Making  Inroads 

AOL  hasn’t  publicized  pricing 
for  EAS,  since  it  will  depend 
on  variables  such  as  the  size  of 
the  deployment.  However,  it’s 


Offer  partners 
new  incentives  for 
good  performance 

BY  JAIKUMAR  VIJAYAN 

Hewlett-Packard  Co.  and  Sun 
Microsystems  Inc.  last  week 
announced  new  financial  in¬ 
centives  and  simpler  adminis¬ 
tration  for  their  respective 
channel  partners,  in  moves 
that  could  result  in  better 
product  and  ser¬ 
vice  delivery  for 
users. 

HP’s  partner- 
One  program, 
which  will  initially  be  rolled 
out  to  its  20,000  partners  in 
the  U.S.,  replaces  about  40 
separate  programs  the  com¬ 
pany  had  in  place  following  its 
merger  with  Compaq  Com¬ 
puter  Corp. 

PartnerOne  will  focus  a  lot 
more  than  previous  channel 
programs  on  helping  HP  part¬ 
ners  grow  top-line  revenue 
through  joint  marketing  ef¬ 
forts,  said  Carl  Ramsey,  a  di¬ 
rector  in  HP’s  channel  organi¬ 
zation.  For  instance,  HP  is  de¬ 
livering  a  series  of  demand- 
generation  and  Web-enabled 
marketing  tools  for  creating 


expected  to  cost  about  $34  to 
$40  per  seat.  The  new  services 
and  features,  with  the  excep¬ 
tion  of  the  encryption  capabil¬ 
ities,  are  available  now. 

Michael  Osterman,  an  ana¬ 
lyst  at  Osterman  Research 
Inc.  in  Black  Diamond,  Wash., 
called  the  business  version  of 
AIM  “a  pretty  significant  de¬ 
velopment,”  because  AOL  is 
the  leader  in  the  consumer  IM 
marketplace. 

“It  doesn’t  have  all  the  fea¬ 
tures  yet,”  he  said.  But  that 
probably  won’t  be  a  problem, 
because  many  businesses 
won’t  have  the  money  in  their 


direct  marketing  and  e-mail 
promotions. 

The  company  will  also  offer 
more  incentives  to  partners 
for  achievements  such  as 
winning  a  new  account  or 
displacing  rivals,  Ramsey 
said.  HP  has  also  put  in  place 
a  unified  channel-facing  orga¬ 
nization  to  replace  the  multi¬ 
ple  units  it  had  for  its  various 
technologies. 

“Instead  of  having  40  dif¬ 
ferent  Web  sites 
and  40  different 
places  to  go,  we 
now  have  one 
face  for  our  part¬ 
ners,”  Ramsey  added. 

The  program  addresses 
most  of  the  questions  channel 
partners  had  following  HP’s 
acquisition  of  Compaq,  said 
Geoffrey  Lilien,  CEO  of  Mill 
Valley,  Calif.-based  HP  reseller 
Lilien  Systems  Inc. 

“There  was  a  lot  of  uncer¬ 
tainty  about  what  was  happen¬ 
ing  as  you  looked  at  the  differ¬ 
ent  programs  and  the  different 
people  across  both  the  compa¬ 
nies,”  Lilien  said. 

The  new  program  has  in¬ 
troduced  “consistency  across 
the  many  different  programs” 
and  made  it  easier  to  work 


end-of-year  budgets  to  deploy 
it  now  anyway.  By  the  time  IT 
departments  are  ready  to  look 
into  EAS  next  year,  he  said, 
encryption  features  will  be  in¬ 
corporated,  making  it  a  com¬ 
pelling  product  to  investigate. 

Robert  Mahowold,  an  analyst 
at  IDC  in  Framingham,  Mass., 
said  that  one  challenge  AOL 
will  face  is  getting  IT  decision¬ 
makers  to  believe  a  system  that 
still  uses  the  consumer  version 
of  AIM  will  do  the  job  for  them. 
“AOL  has  done  its  due  diligence 
preparing  the  product,”  he  said. 
“But  they  still  have  to  see  how 
the  market  reacts. 

“AOL’s  first  job  is  to  convert 
the  companies  that  have  been 
informal  users  to  get  them  to 
be  paying  customers,”  Ma¬ 
howold  said.  “I  think  if  they 
can  do  that,  they  win.” 

AIM  is  the  world’s  most 
popular  IM  client,  delivering 


with  LIP,  he  said.  For  instance, 
the  multiple  contracting  pro¬ 
grams  that  partners  previ¬ 
ously  had  to  sign  up  for  have 
been  replaced  by  a  single 
contract. 

Sun’s  new  program,  mean¬ 
while,  is  aimed  at  providing 
its  800  U.S.-based  iForce  chan- 


What  It 
Takes 


TO  BECOME  A  STRATEGIC 
SUN  IFORCE  PARTNER: 

■  At  least  10  sales  represen¬ 
tatives  and  10  systems  engi¬ 
neers  must  be  Sun  certified 
at  the  enterprise  level. 


■  Five  of  those  10  systems 
engineers  also  must  have  a 
Solaris  core  certification. 


TO  BECOME  AN  HP 
PLATINUM  PARTNER: 

■  You  must  have  at  least  15 
technical  consultants. 


■  You  must  have  at  least  five 
sales  representatives. 


■  At  least  four  reps  must  be 
certified  on  HP  technology. 


NEW  SERVICES 


Better  AIM 

AOL’s  Enterprise  AIM  Services  will: 

GIVE  IT  administrators 
control  over  IM  usage. 

ADD  business  security  and 
auditing  features. 

OFFER  encryption  features 
early  next  year. 

more  than  1.5  billion  instant 
messages  each  day,  according 
to  the  company.  There  are 
about  180  million  registered 
users  of  the  AIM  service,  in¬ 
cluding  consumers  and  busi¬ 
ness  users.  I 


GET  CONNECTED 

For  more  news  on  messaging  technologies, 
visit  our  Web  site: 

QuickLink  k2360 
www.computerworld.com 


nel  partners  with  many  of  the 
same  features. 

“We  know  we  needed  to 
continue  to  improve  the  value 
proposition,  to  simplify  how 
to  do  business  with  us  and  re¬ 
ward  those  who  have  been 
making  a  significant  invest¬ 
ment  in  Sun,”  said  Mike 
Walsh,  a  Sun  director. 

Among  Sun’s  margin-im¬ 
provement  programs  is  an  ini¬ 
tiative  called  the  Target  Ac¬ 
count  Program,  under  which 
the  company  will  offer  special 
rebates  to  partners  that  sell  to 
a  specific  list  of  “new-to-Sun” 
target  accounts,  according  to 
Walsh.  It  will  also  offer  special 
cash  rebates  to  partners  that 
sell  only  Sun  server  and  stor¬ 
age  equipment. 

The  company’s  revamp  is 
clearly  aimed  at  rewarding 
partner  loyalty  and  invest¬ 
ment  in  Sun  technology,  said 
Oliver  Poppenberg,  a  vice 
president  at  Perfect  Order 
Inc.,  a  Sun  reseller  in  Mechan- 
icsburg,  Pa.  Sun’s  decision  to 
offer  incentives  to  partners 
that  refer  users  to  its  profes¬ 
sional  services  is  also  a  good 
one,  he  said. 

But  “more  specifics  are 
needed  to  understand  how 
partners  are  assigned  or  can 
earn  a  target  account,”  Pop¬ 
penberg  said.  > 


HP,  Sun  Revamp  Channel  Programs 


VENDOR 

PARTNERSHIPS 


COMPUTERWORLD  November  11, 2002 


Cybersecurity  Tools  Proliferate 
As  Spending  Remains  Steady 


New  products  address  continued 
concerns  over  threats  to  corporate  data 


BY  JAIKUMAR  VIJAYAN 

ORPORATE  AMERICA’S 
willingness  to  spend 
money  to  protect  its 
information  assets 
apparently  hasn’t  been  lost  on 
a  single  security  vendor. 

This  week’s  Computer  Se¬ 
curity  Conference  and  Exhibi¬ 
tion  in  Chicago  will  showcase 
a  plethora  of  new  tools  that 
feature  real-time  event  analy¬ 
sis  and  correlation  capabilities 
for  dealing  more  efficiently 
with  cyberthreats. 

Such  products  come  at  a 
time  when  some  analysts  are 
projecting  that  spending  on 
IT  security  will  continue  to 
hold  steady  in  2003  despite  a 
decrease  in  overall  corporate 
IT  spending. 

A  recent  survey  of  more 
than  25,000  IT  professionals 
worldwide  by  Meta  Group  Inc. 
in  Stamford,  Conn.,  indicates 


that  the  number  of  companies 
that  will  spend  more  than  5% 
of  their  IT  budgets  on  security 
will  grow  from  33%  in  2001  to 
55%  next  year. 

“It’s  a  case  where  you  can 
be  penny-wise  and  pound- 
foolish,”  said  Josh  Turiel,  a 
network  services  manager  at 
Holyoke  Mutual  Insurance  Co. 
in  Salem,  Mass. 

Although  other  areas  of 
Holyoke’s  IT  budget  have  been 
trimmed  to  offset  increases  in 
license  fees  and  other  fixed 
costs,  security  is  an  area  that 
has  been  untouched,  he  said. 

“Unfortunately,  what’s  hap¬ 
pened  after  Sept.  11  is  that  we 
have  more  concerns  about 
cyberterrorism  and  the  need 
to  protect  ourselves  against  it,” 
said  Thomas  Miles,  a  systems 
administrator  at  St.  Onge,  Ruff 
&  Associates,  an  architectural 
engineering  firm  in  York,  Pa. 


NEW  PRODUCTS 


Vendors  announcing 
products  at  the  CSI 
conference  include: 

LANC0PEINC. 

■  StealthWatch  Management 
Console  for  centralized  manage¬ 
ment  of  intrusion  detection  devices. 

FINJAN  SOFTWARE  INC. 

■  SurfinGate  content  security 
product. 

NEOTERIS  INC. 

■  Instant  Virtual  Intranet  V3.0. 


The  company  has  just  bol¬ 
stered  its  defenses  with  a  fire¬ 
wall  from  Burlington,  Mass.- 
based  Astaro  Corp.  that  com¬ 
bines  firewalls  with  a  virtual 
private  network,  antivirus 
protection,  content  filtering 
at  the  application  level  and 
user  authentication. 

Some  of  the  products  at  this 
week’s  show,  which  is  spon¬ 
sored  by  the  San  Francisco- 
based  Computer  Security  In¬ 


stitute,  take  a  behavior-based 
approach  to  enforcing  security, 
while  others  are  policy-based. 

For  instance,  Waltham, 
Mass.-based  Okena  Inc.’s  new 
StormTrack  product  builds  on 
the  company’s  previous  rules 
and  correlation  engines  and 
allows  companies  to  enforce 
authorized  application  behav¬ 
ior  while  preventing  unautho¬ 
rized  tasks  from  executing. 
Okena’s  suite  lets  users  define 
policies  for  acceptable  behav¬ 
ior  and  then  uses  an  agent- 
based  technology  to  monitor 
applications  and  host  systems 
in  real  time  for  compliance. 

“Okena’s  approach  gives 
me  a  little  more  control  over 
my  environment,”  said  Bill 
Spernow,  chief  information 
security  officer  at  the  Georgia 
Student  Finance  Commission 
in  Atlanta.  “It  allows  me  to 
configure  a  rules  base  that,  in 
conjunction  with  the  agents, 
allows  me  to  see  what  ports 
are  open  or  who  is  accessing  a 
file  or  touching  a  registry  sys¬ 


tem,”  Spernow  said. 

Similarly,  Securify  Inc.  in 
Mountain  View,  Calif.,  will  in¬ 
troduce  a  suite  of  tools  that 
allow  enterprises  to  define  — 
and  ensure  compliance  with 
—  a  set  of  rules  that  specify 
how  network  traffic  should 
behave,  according  to  Mark 
Hangen,  the  company’s  presi¬ 
dent  and  CEO.  Securify’s 
SecurVantage  3.0  product 
starts  at  about  $50,000. 

Other  products  are  aimed  at 
helping  companies  better 
gather  and  manage  the  data 
overload  resulting  from  the  in¬ 
stallation  of  various  security 
devices  around  the  enterprise. 
For  instance,  Bethesda,  Md.- 
based  Intellitactics  Inc.’s  Net¬ 
work  Security  Manager  4.0 
lets  companies  gather  data 
from  firewalls,  routers  and  in¬ 
trusion-detection  devices  and 
translate  it  into  simple  langu¬ 
age,  said  CEO  Paul  Soft. 

The  technology  uses  corre¬ 
lation  engines  and  vulnerabili¬ 
ty  information  to  help  admin¬ 
istrators  prioritize  threats  and 
responses.  Pricing  starts  at 
about  $87,000. U 

MORE  ON  CYBERSECURITY 

Intrusion-detection  systems  need  a  lot  of 
fine-tuning.  To  learn  more,  see  page  34. 


! 


( 

! 


Continued  from  page  1 

Ameritrade 


ture  that’s  based  on  high-end 
servers.  For  example,  the 
Ameritrade  trading  system  is 
supported  by  Sun  Microsys¬ 
tems  Inc.’s  Sun  Enterprise 
10000  Unix  servers. 

“We  like  the  lower  cost  of 
the  Datek  platform,  but  we’re 
also  looking  at  keeping  the 
same  or  higher  levels  of  relia¬ 
bility  and  availability  [as  pro¬ 
vided  by  Ameritrade’s  sys¬ 
tems],”  Murphy  said.  She  said 
Ameritrade  is  investigating 
using  Linux  servers  for  its  new 
IT  infrastructure  but  will  also 
consider  systems  such  as  Win¬ 
dows  2000  and  Solaris. 

The  data  center  and  Web 
site  consolidation  efforts  are 
also  due  to  be  completed  by 
n  cmmer.  Murphy  said  it’s 
tc  •  early  to  pinpoint  the  total 


cost  of  the  integration  work. 

Ameritrade  has  two  data 
centers  of  its  own:  a  primary 
site  in  Kansas  City,  Mo.,  and  a 
backup  site  in  Omaha.  Jersey 
City,  N.J. -based  Datek  brought 
with  it  a  data  center  in  Secau- 
cus,  N.J.  Ameritrade  will  close 
the  Omaha  facility  and  pick 
one  of  the  others  as  its  main 
data  center,  Murphy  said. 


On  the  front  end,  Ameri¬ 
trade  intends  to  replace  its 
two  online-trading  Web  sites 
with  a  new  one  that  will  in¬ 
clude  features  from  both  bro¬ 
kerages.  But  the  changes  will 
be  done  gradually  to  make 
them  evolutionary  for  users. 

“We  have  two  platforms, 
and  in  essence  you  could  say 
that  we’re  abandoning  both,” 


said  Larry  Szczeck,  chairman 
of  products  and  services  inte¬ 
gration  at  Ameritrade.  “We’re 
taking  a  hybrid  of  the  two  and 
moving  customers  to  that.” 

The  overall  IT  integration 
effort  is  being  led  by  eight 
teams  that  are  in  charge  of 
areas  such  as  technology  inte¬ 
gration  and  end-user  experi¬ 
ence.  Each  group  reports 


weekly  on  its  progress  to  a 
central  integration  committee. 

Ameritrade  is  also  setting  up 
a  team  of  employees  from  both 
companies  to  work  on  new  ap¬ 
plications.  “The  integration 
effort  is  tied  to  old  systems, 
and  we  need  to  get  that  done 
for  synergies,”  Murphy  said. 
“But  we  need  to  move  forward 
on  building  new  systems.”  > 


Integration  Plan  Includes  IT  Layoffs 


Ameritrade’s  plan  for  integrating 
its  operations  with  Datek’s  also 
includes  the  likelihood  of  IT  staff 
cutbacks.  And  that’s  causing  IT 
managers  at  the  company  to  do  a 
lot  of  hand-holding  with  technol¬ 
ogy  workers  who  are  worried 
about  the  upcoming  layoffs. 

Ameritrade  and  Datek  have 
a  combined  IT  staff  of  450  peo¬ 


ple,  out  of  2,100  total  employees. 
Reductions  in  IT  are  expected 
over  the  next  six  months  as  sys¬ 
tems  get  combined  and  consoli¬ 
dated,  said  Cecilia  Murphy,  vice 
president  of  technology  engineer¬ 
ing  services  at  Ameritrade.  She 
wouldn't  speculate  on  how  many 
jobs  are  likely  to  be  cut. 

In  particular,  some  program¬ 


mers  and  other  IT  employees  are 
concerned  that  the  elimination  of 
the  systems  they  work  on  will  also 
mean  the  end  of  their  jobs,  said 
Larry  Szczeck,  chairman  of  prod¬ 
ucts  and  services  integration  at 
Ameritrade.  “That  one  caught  me 
off  guard,”  he  said.  “It’s  a  chal¬ 
lenge  to  get  people  to  work  to¬ 
gether  to  develop  the  best  sys¬ 
tem,  not  ’the  best  system  I  used 
to  work  on  so  I’ll  still  have  a  job.’  ” 


Phylis  Esposito,  Ameritrade’s 
chief  strategy  officer,  said  one 
way  the  firm  is  combating  the 
rumor  mill  on  layoffs  is  to  issue 
biweekly  integration  updates  via 
e-mail.  “Communicate  frequently, 
and  be  upfront,”  she  said.  As  de¬ 
cisions  that  could  affect  employ¬ 
ees  are  made,  it’s  best  to  “an¬ 
nounce  them,  because  things  fil¬ 
ter  through  anyway,”  she  added. 

-  Lucas  Mearian 


Bart  Perkins 

Managing  Partner 
Leverage  Partners 


For  more  information  or  to  register  visit:  www.prernier100.com 


4th  Annual 


■PREMIER 


nnurrnriinr 


nil 


February  23-25,  2003 

JW  Marriott 
Desert  Ridge  Resort 

Scottsdale,  Arizona 


HERE'S  WHAT  PAST  ATTENDEES  SAY... 

"...  delivers  value  by  bringing  together 
senior-level  IT  decision-makers 
to  share  their 
experiences ... " 


Ralph 

Szygenda 

Group  VP  &  CIO 

General  Motors 


"...  is  wonderful ...  the  level  of 
expertise  among  the  attendees  is 
an  invaluable 
resource ... " 


Evelyn 

Follit 


SVP  &  CIO 
Radio  Shack 


"...  is  extremely  valuable ... 
a  benefit  to  any  RjCk 

IT  leader ..."  Stiegler 

CTO  Iff! 

Lending  Tree 


Leading  the  Way 
to  the  Real-Time 
Enterprise 


Exchange  Innovative  Ideas  and 

Top  IT  Executives 


PROVE 

The  Business  Value  of  IT 

Learn  how  to  create  partnerships  with  your  IT 
suppliers  and  outsourcers,  negotiate  licensing 
deals  and  manage  quick-turnaround  IT  projects. 
Tap  into  the  hottest  advice  on  asset  procurement 
and  server  consolidation. 

MAXIMIZE 

The  Customer  Connection 

Hear  how  top  IT  Leaders  are  enhancing  their 
company's  customer  relationships  through  EAI, 
CRM  and  business  intelligence  initiatives. 

Catch  up  with  the  latest  on  Web  services, 

.Net  and  other  leading  technologies. 

BULLETPROOF 

Your  Company  Assets 

Find  out  how  leading  IT  practitioners  are 
guaranteeing  business  continuity,  deploying 
identity  management,  safeguarding  e-business 
transactions  and  managing  mobile  and 
wireless  access. 

OPTIMIZE 

Your  Infrastructure 

Identify  best  practices  to  manage  infrastructure  in 
real-time,  keep  pace  with  growing  storage  needs 
and  test-drive  the  potential  of  utility  computing. 


SELECTED  SPEAKERS: 


Warren  Bennis 

•  Bestselling  business  author  of  "Leaders" 
and  "On  Becoming  a  Leader,"  and  the 
most  recent  "Geeks  &  Geezers" 

•  Advisor  to  four  U.S.  Presidents 

•  Distinguished  Professor  of  Management 
University  of  Southern  California  and 
the  chairman  of  the  Advisory  Board  of 
the  Center  for  Public  Leadership  at 
Harvard  University's  Kennedy  School 

Susan  Unger 

CIO 

DaimlerChrysler 


Curtis  Robb 

SVP  &  CIO 
Delta  Air  Lines 


Scott  Charney 

Chief  Security  Strategist 
Microsoft 


Thornton  May 

Futurist  and 

IT  Management  Consultant 


►  Bill  Farrow  ►  Tim  Buckley 

CIO  CIO 

Chicago  Board  Vanguard 


of  Trade 


For  companies  interested  in  sponsoring  and  exhibiting,  contact  your  Computerworld  sa 


belies  CACLUIIVC,  < 

V  A: _■ vii 


It's  true!  Long-term  licensing  and 


upfront  payment  are  no  longer 
your  only  choice.  Now  you  can 


select  the  payment  and  licensing 
options  that  best  suit  your  individ¬ 


ual  business  needs,  whatever  they 


may  be.  It's  yet  another  way  the 


company  you've  always  counted 


on  for  innovative  software  is 


providing  innovative  business 


solutions.  To  find  out  more,  or  to 


hear  what  some  of  our  customers 


have  to  say,  go  to  ca.com/innovation. 


Computer  Associates™ 


[tonal,  Inc.  <CA). 
marks  and  logos 


18 


COMPUTERWORLD  November  11, 2002 


NEWS 


www.computerworld.com 


r 


Judge  Rejects  Web 

-  "■  bail  ■ 


Site  DisabUity  Suit 


Southwest  fends  off 
suit,  but  looks  to  make 
its  site  more  accessible 


BY  PATRICK  THIBODEAU 


A  federal  judge  in  Miami 

last  month  rejected  a  lawsuit 
contending  that  Southwest 
Airlines  Co.  violated  the 
Americans  With  Disabilities  Act 
(ADA)  because  its  Web  site  was  inac¬ 
cessible  to  blind  users. 

At  issue  in  the  case  is  whether  cor¬ 
porate  Web  sites  fall  under  the  aegis  of 
the  ADA.  In  one  of  the  first  court  deci¬ 
sions  on  the  act’s  applicability  to  the 
Internet,  U.S.  District  Court  Judge  Pa¬ 
tricia  Seitz  ruled  that  the  ADA  con¬ 
cerns  physical  spaces,  not  virtual  ones. 
She  left  it  up  to  Congress  to  decide 
whether  to  broaden  the  disability  law 
to  include  cyberspace. 

But  in  a  footnote  to  her  12-page  deci¬ 
sion,  Seitz  expressed  surprise  that  Dal¬ 
las-based  Southwest  hasn’t  used  “all 
available  technologies  to  expand  ac¬ 
cessibility  to  its  Web  site  for  visually 
impaired  customers  who  would  be  an 
added  source  of  revenue.” 

Southwest  spokeswoman  Christine 
Turneabe-Connelly  acknowledged  that 
some  screen  readers  —  software  that 
converts  on-screen  text  to  audio  or  a 
refreshable  Braille  display  —  may  have 
had  compatibility  problems  with  the 
company’s  Web  site.  Southwest  is  “ex¬ 
ploring  some  possibilities”  to  make  the 
site  more  user-friendly  for  blind  or  vi¬ 
sually  impaired  users,  she  said. 

Problems  with  Web  site  accessibility 
aren’t  uncommon,  said  Edward  Res¬ 
nick,  president  of  Access  Now  Inc.,  a 
Miami  Beach,  Fla.-based  advocacy 
group  that  filed  the  suit.  Accessibility 


Web  Site  Accessibility  Ups 


INCLUDE  background  descriptions  of  im¬ 
ages  tiiat  can  be  read  by  screen  readers. 


PROVIDE  captioning  for  muitimedia. 


ALLOW  users  to  stop  or  pause  elements 
that  are  moving,  blinking  or  scrolling. 


AVOID  the  use  of  color  by  itself  to  signal 
links  or  actions  that  users  could  take. 


USE  headings,  lists  and  a  consistent  struc¬ 
ture  to  organize  pages. 


is  strictly  a  matter  of  whether  a  Web 
site’s  designer  “programmed  it  for  peo¬ 
ple  who  are  blind,”  he  said.  Access 
Now  and  a  blind  individual  claimed  in 
the  suit  that  Southwest’s  online  virtual 
ticket  counters  are  “extremely  diffi¬ 
cult”  —  though  technically  possible  — 
for  the  blind  to  use.  The  plaintiffs  plan 
to  appeal  Seitz’s  decision. 

Many  companies  rush  to  create  Web 
sites  without  considering  accessibility 
issues  and  may  later  balk  at  spending 


money  to  retrofit  their  sites,  said  Jen¬ 
nifer  Vollmer,  an  analyst  at  Meta 
Group  Inc.  in  Stamford,  Conn.  As  a 
rule,  she  said,  building  in  accessibility 
during  the  site  design  process  costs 
one  quarter  of  retrofitting  work. 

Web  site  accessibility  “should  be  a 


no-brainer,”  she  said.  “But  it  has  just 
not  been  a  priority  for  companies.” 

The  World  Wide  Web  Consortium 
has  published  a  set  of  accessibility 
guidelines  that  developers  can  follow 
to  open  up  Web  sites  (see  box).  But 
companies  also  have  to  increase  the 
accessibility  awareness  and  training  of 
programmers,  said  Gerry  Santoro,  an 
assistant  professor  of  information  sci¬ 
ences  and  technology  at  Pennsylvania 
State  University  in  University  Park.  I 


Lotus  Chief  Sets  Course  in  Wake 
Of  IBM’s  ‘On-Demand’  Strategy 


Zollar  focuses  on 
collaboration  tools  and 
‘dynamic  workplaces’ 


BY  MARYFRAN  JOHNSON 
AND  DON  TENNANT 


Al  Zollar  is  one  of  the  senior  executives 
at  IBM  who  will  play  a  key  role  in  exe¬ 
cuting  CEO  Samuel  J.  Palmisano’s  new 
“on-demand”  computing  initia¬ 
tive  [QuickLink  34091].  Zollar, 
general  manager  of  IBM’s  Lotus 
Software  Group,  spoke  with 
Computers orld  last  week. 


Aside  from  heading  Lotus,  you’re 
leading  an  IBM-wide  “dynamic 
workplaces”  initiative.  Can  you  ex¬ 
plain  what  that’s  about?  In  princi¬ 
ple,  it’s  this  notion  that  you 
walk  into  any  of  our  typical  medium- 
to  large-size  customers,  and  you  can 
probably  find  somebody  working  on 
an  e-HR  self-service  initiative,  some¬ 
body  working  on  a  portal,  somebody 
on  e-mail,  search,  collaboration, 
e-learning,  document  management 
and  so  forth.  The  goal  of  the  dynamic 
workplace  is  to  take  all  this  stuff,  inte¬ 
grate  it  and  make  it  highly  [adaptive]  to 
the  user  role  or  the  business  problem 
that  you’re  trying  to  address. 


computing  work?  This  is  all  about  cre¬ 
ating  an  ability  to  have  computing 
viewed  as  something  that  is  much 
more  dynamically  deployable.  And  the 
collaborative  middleware  that  Lotus 
provides  is  a  big  piece  of  this,  because 
it’s  about  how  you  connect  people  into 
this  utility  or  network  structure.  We 
think  that  this  is  one  of  the  first  places 
that  people  will  look  and  say,  “This 
looks  like  a  utility  to  me.” 


Q&A 


What’s  the  main  message  you’ll  de¬ 
liver  at  the  Lotusphere  conference 
in  January?  We’ve  been  talking 
about  this  “next-gen”  project, 
which  is  the  use  of  J2EE  tech¬ 
nologies  around  Lotus’  collabo¬ 
rative  capabilities.  We’ll  have  a 
lot  of  updates  on  that. 


How  does  that  fit  into  IBM’s  “on-demand” 
computing  vision?  And  what  is  Lotus  doing 
to  support  that  strategy?  The  on-demand 
initiative  is  really  about  the  standard¬ 
ization  of  computing  to  solve  what  is 
one  of  the  great  remaining  challenges: 
How  do  we  really  make  distributed 


What’s  your  reaction  to  the  recent  Micro¬ 
soft  ruling?  There’s  no  reaction  I  really 
have  to  it,  because  my  attitude  on  the 
whole  thing  was  that  it  didn’t  exist. 
What  I  mean  by  that  is  we  try  to  stay 
focused  on  customers  and  presenting  a 
better  offer  than  our  competitors. 

What  I  think  we’ve  seen  is  that  Micro¬ 
soft,  by  this  ruling,  is  asked  to  provide 
technical  information.  That’s  good  for 
the  industry  and  good  for  customers. 
The  question  will  be,  how  much  more 
productive  can  our  people  be  with 
what’s  now  being  mandated?  I 


MORE  ONLINE 


For  a  more  extensive  version  of  this  interview  with 
Al  Zollar,  visit  our  Web  site: 

O  QuickLink  34180 

www.computerworld.com 


i 

i 


THERE’S  SHALLOW 
INTEGRATION  AND  THE 


'VTEGRATION 


MAKE  SURE  YOU 
KNOW  THE  DIFFERENCE 

BEFORE  YOU  DIVE  IN. 


Everybody  seems  to  be  jumping  into  integration  these 
days.  As  the  originators  of  business  integration,  TIBCO 
Software  knows  how  difficult  it  can  be  to  differentiate 
between  the  many  solutions. 


Our  integration  solution  delivers  more  than  a  point-to-point 
connection.  Far  more.  Our  innovative  and  unbiased 
approach  starts  by  integrating  the  systems  you  already  have, 
then  streamlining  the  processes  that  span  your  business. 
The  result  is  no  less  than  the  ultimate  transformation  of  your 
business  into  a  real-time  enterprise.  It’s  a  deeper  solution 
that  delivers  measurable  business  results  now — and  allows 
you  to  scale  for  the  future. 


Take  Seagate.  When  we  integrated  the  disk  drive  giant  with  its  partners 
and  customers,  the  resulting  system  delivered  superior  customer  service 
and  enabled  the  company  to  bring  its  products  to  market  faster.  And  when 
we  created  adidas-Saiomon's  real-time  supply  chain  it  resulted  in  faster 
time  to  market  and  higher  revenues  for  the  sporting  goods  marketer 
That's  the  power  of  now. 


Learn  how  our  deep  integration  has  worked  for  other 
Global  2000  companies.  Call  888-668-4226  or  visit 
www.tibco.com/acw  to  obtain  our  5  Proven  Strategies 
demonstrating  how  to  get  more  out  of  your  people, 
processes  and  systems. 


The  Power  of  Now" 


COMPUTERWOULD  November  11,2002 


NEWS 


www.computerworld.com 


Wireless  Start-up  Targets  4-Mile  Range 


BY  BOB  BREWIN 

Start-up  Vivato  Inc.  last  week 
announced  plans  to  market  a 
wireless  LAN  switch  that  uses 


a  planar  phased-array  antenna 
to  support  a  communications 
range  of  more  than  four  miles, 
compared  with  hundreds  of  feet 


for  wireless  LAN  access  points. 

Phil  Belanger,  vice  presi¬ 
dent  of  marketing  at  Vivato, 
said  the  San  Francisco-based 


vendor  is  aiming  the  switch 
at  corporate  users  who  want 
to  implement  WLANs  in 
large  buildings  or  campus 
environments.  Other  target 
markets  include  public-access 
WLANs  and  wireless  Inter- 


.  . 


7,000  Companies  Know  the  Power  of  “Your  Business, Your  Way.  ”  Do  You? 


Since  1990,  Remedy  has  enabled  IT  professionals  to  adapt  to  the  needs  of  an  ever-changing 
business  environment  by  providing  industry-leading  Service  Management  solutions,  such  as  Help 
Desk,  Asset  Management,  and  Customer  Support,  that  reduce  costs,  improve  quality  of  service, 
and  maximize  overall  operational  effectiveness.  Our  global  community  is  more  than  10  million 
users  strong,  and  includes  a  worldwide  partner  network  and  a  thriving  developer  community. 
Come  see  why  Remedy’s  packaged  applications  and  developer  environment  are  the  leading 
choice  of  80%  of  the  Fortune  100  for  their  Service  Management  needs. 


www.remedy.com/leader/ 

or  call  us  at  1.888.294.5757 


Remedy 


net  service  providers. 

The  range  of  an  indoor  sys¬ 
tem  tops  out  at  about  a  mile, 
Belanger  said.  Vivato  envi¬ 
sions  users  setting  up  just  one 
outdoor  antenna  to  provide 
wireless  service  to  an  entire 
office  building,  eliminating 
the  need  for  multiple  indoor 
access  points.  The  switch  is 
rated  to  deliver  throughput  of 
up  to  800M  bit/sec.,  compared 
with  11M  bit/sec.  for  802.11b 
Wi-Fi  products. 

Vivato  derives  its  range  and 
throughput  from  the  phased- 
array  antenna,  which  is  similar 
to  devices  used  on  the  U.S. 
Navy’s  Aegis  cruisers  to  track 
and  identify  aircraft.  The  2  ft. 
by  2  ft.  square  antenna  forms 
electronic  beams  that  send 
narrow  pulses  of  high-speed 
data  to  WLAN  clients,  Be¬ 
langer  said. 

Product  Potential 

Nelson  Ludlow,  CEO  of  Mo- 
bilisa  Inc.,  said  that  given  the 
distance  claims,  the  switch 
sounds  potentially  useful. 
Ludlow  plans  to  do  a  hands-on 
evaluation  of  the  technology 
later  this  month.  His  Port 
Townsend,  Wash.-based  com¬ 
pany  is  involved  in  an  effort 
to  provide  WLAN  services  on 
boats  operated  by  the  Wash¬ 
ington  state  ferry  system. 

Phased-array  antennas  are 
currently  being  used  in  large 
cellular  and  military  applica¬ 
tions,  said  Craig  Mathias,  an 
analyst  at  Farpoint  Group  in 
Ashland,  Mass.  “I’m  a  big  be¬ 
liever  in  antenna  arrays,  and 
I  believe  they  will  see  signifi¬ 
cant  deployments  in  WLAN 
applications,”  Mathias  said. 
But,  he  added,  “the  technical 
advantage  that  Vivato  may 
have  is  yet  to  be  proven.” 

Belanger  declined  to  dis¬ 
close  pricing  for  Vivato’s 
switch,  which  is  expected  to 
ship  next  quarter.  In  addition 
to  802.11b,  the  switch  will  sup¬ 
port  the  802.11a  and  802.11g 
standards,  as  well  as  multiple 
security  protocols. 

Vivato’s  announcement  came 
two  months  after  Holtsville, 
N.Y.-based  Symbol  Technolo¬ 
gies  Inc.  introduced  a  WLAN 
architecture  that’s  built 
around  central  switches 
[QuickLink  32531].  > 


Toyota  Motor  Sales,  USA  Inc. 

Bonneville  Power  Administration 
Cornell  University  Campus  Life 
Nautilus  Insurance  Group 
Pfizer  Canada 
PHH  Arval 

School  Board  of  Broward  County 
Toyota  Motor  Sales,  USA  Inc. 
USDA  Farm  Service  Agency 
Yum  Brands,  Inc. 


Solution  of  the  Year 

Dashboards 
Financial  Management 
Web 

Sales  &  Marketing 

Enterprise 

Education 

Operations 

Government 

Human  Resources 


On  behalf  of  the  sponsors  of  these  awards,  thank  you  to  all  participants 
for  their  innovative  solutions  in  business  performance. 


Forbes 


The  experts  selecting  the  winners:  Patrick  Dillon,  Editor,  Forbes  ASAP;  Seth  Grimes,  President,  Alta  Plana  Corporation: 
Maryfran  Johnson,  Editor-in-Chief,  Computerworld;  Justin  Kestelyn,  Editor-in-Chief,  Intelligent  Enterprise;  Dave  Stodder, 
Editorial  Director,  Intelligent  Enterprise;  Erik  Thomsen,  Chief  Scientist,  DSS  Lab 


Go  to  www.brio.com/awards/cw  to  learn  how  you  too  can  make  your 
business  perform. 


Special  thanks  to  Navigant  International  for  the  grand  prize  travel  provisions 


worldwide  user  conference 


are  Company 


The  Business  Performance 


notice  Brio  and  the  Brio  Software  logo  are  registered  trademarks  of  Brio  Software,.  Inc',  All  Byproduct  and  service  nai 
i  are  the  property  of  their  respective  owners 


Copyright  ©  2002  Brio  Software.  Inc.  All  rights  reserved.  Specifii 
trademarks  or  registered  trademarks  of  Brio  Software,  tnc.  All  ol 


;  mentioned 


When  software  lets  you  use  data  to  personalize  customer  connections,  that’s  one  degree  of  separation.  The  myriad  of  choices 
available  to  online  consumers  is  staggering.  The  personal  service  available  at  traditional  businesses  is  largely  absent  online  and  the  pressure 
is  on  you  to  bring  it  back.  Microsoft®  solutions  for  Internet  business  provide  the  tools  you  need  to  build  stronger  relationships  with  your  global 
network  of  customers  and  trading  partners.  Scalable  user  and  content  profiling  allows  you  to  target  content  and  offer  more  personalized 
options  including  customer-specific  catalogs  with  custom  pricing  and  product  information. 

Now  it’s  easier  for  you  to  aggregate  profile  data  from  multiple  underlying  data  sources  to  leverage  existing  technology  investments  and 
enable  richer  profiling  capabilities.  And  with  built-in  business  analytics,  you  can  analyze  ever-changing  user  behavior  to  predict  purchasing 
and  browsing  preferences,  all  while  delivering  real-time  recommendations.  Plus,  through  direct  support  for  XML-based  data,  companies  can 
exchange  catalog  and  order  information  and  integrate  order  fulfillment  systems  for  seamless  transactions.  Find  out  how  .NET  connected 
software  can  help  you  connect  with  your  customers  better.  Go  to  microsoft.com/enterprise  Software  for  the  Agile  Business. 


oo»«  '.  on.  Ad  rights  reserved.  Microsoft  and  BizTalk  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


The  Royal  Canadian  Mint  wanted  to  reach  its  diverse  worldwide  customers,  expand  sales  of  its  products,  and  deliver  a  highly 
customized  consumer  experience,  so  they  used  the  Web  content  management  capabilities  of  Microsoft  Content  Management 


~\ 


r 


IBM  AS400  BizTalk 
Server 


V 


Server  integrated  with  the  e-commerce,  personalization  and  backend  data  integration  capabilities  of  Microsoft  Commerce  and 


Content  Commerce 
Management  Server 
Server 


Internet 


Customer 


BizTalk ®  Servers.  Now  the  Mint  can  publish  content  in  multiple  languages,  draw  on  customer 
information  from  its  legacy  database,  and  feed  online  orders  through  an  existing  ERP  system, 
enabling  the  Royal  Canadian  Mint  to  offer  customers  a  richer  and  more  personalized  experience. 


J 


24  COMPUTERWORLD  November  11,  2002 


OPINION 


i 

www.computerworld.com 


PATRICIA  KEEFE 


PIMM  FOX 


Verifying  Trust 


ALLOWEEN  MAY  BE  OVER,  but  the 
Nightmare  on  Data  Street  is  just  get¬ 
ting  under  way  for  public  companies, 
which  now  face  a  web  of  disclosure 
and  verification  regulations  spawned 
by  this  year’s  continuing  horror  show  of  corporate 
accounting  scandals. 

CEOs  and  CFOs  are 


now  required,  thanks  to 
this  summer’s  passage  of 
the  Sarbanes-Oxley  Act, 
to  sign  documents  attest¬ 
ing  to  the  veracity  of 
their  financial  data. 

Some  observers  say  the 
Securities  and  Exchange 
Commission  may  yet 
scare  up  a  few  more  reg¬ 
ulations.  And  why  not? 

Many  blame  the  unbri¬ 
dled  greed  that  led  to  the 
ongoing  crises  at  companies  like  En¬ 
ron,  Tyco  and  WorldCom  for  exacer¬ 
bating  the  market  crash,  which  sank 
the  stock  prices  of  many  companies 
and  the  retirement  dreams  of  mil¬ 
lions  of  Americans  along  with  it. 
Something  had  to  be  done. 

So  a  jittery  Republican  administra¬ 
tion  did  what  it  hates  to  do:  created 
new  regulations,  in  this  case  ones 
designed  to  limit,  if  not  stop,  corpo¬ 
rate  fraud.  It  also  ordered  up  an  ac¬ 
counting  oversight  board  to  oversee 
the  audit  process.  Expect  more 
guidelines  to  follow  once  the  board 
settles  in  next  year. 

What’s  this  got  to  do  with  IT?  A 
lot,  actually.  It’s  not  just  a  problem 
for  the  CEO  and  CFO.  It  will  land  on 
unprepared  CIOs  like  a  ton  of  depo¬ 
sitions.  You  may  not  have  to  sign 
anything,  but  the  key  to  safeguarding 
and  verifying  data  accuracy  lies  with¬ 
in  the  heart  of  the  financial  systems 
and  enterprise  infrastructure  IT  de¬ 
signs  and  oversees.  As  Lynn  Bruneau, 
a  managing  director  at  risk  consul¬ 
tancy  Protiviti  puts  it,  “Do  you  know 
where  your  data  spent  the  night?” 

Many  CsOs  see  this  as  no  big  deal. 
Financ  il  applications  are  among  the 


PATRICIA  KEEFE  IS  a 

Computerwortd  ed  ilor  at 
large.  You  can  contact 

her  at  patricia.keefe® 
computerworld.com. 


most  heavily  controlled 
and  monitored  systems. 
Many  shops  mapped  out 
their  IT  architectures  as 
part  of  the  Y2k  exercise 
and  should  be  able  to  re¬ 
use  those  blueprints  to  ex¬ 
plain  the  “Where  did  you 
get  this  information?”  part 
of  the  disclosure  controls. 

But  there  are  other 
issues.  Financial  systems 
can  be  updated  to  pro¬ 
vide  real-time  data  feeds, 
monitoring  and  updates,  and  even 
to  speed  the  process  of  data  collec¬ 
tion,  analysis  and  reporting.  And 
what  about  security?  Are  you  dead 
certain  there  are  no  vulnerabilities 
so  no  one  inside  or  outside  can  get 
at  critical  data?  Is  your  system  audit 
trail  as  solid  as  a  rock?  You  may 
have  to  prove  it.  You  may  have  to 
address  security  issues  that  you’ve 
been  putting  off.  And,  oh,  have 


you  documented  your  procedures? 

Wait  —  more  needs  to  be  done. 

Many  companies  are  launching 
“disclosure  committees”  to  institu¬ 
tionalize  the  process  they  went 
through  in  August,  when  they  had  to 
verify  data  for  the  first  time.  If  your 
company  has  one,  make  sure  you’re 
on  it,  says  Bruneau. 

Know  what’s  going  on  in  your  own 
shop.  Be  able  to  map  your  technical 
infrastructure  and  explain  how  it 
supports  the  business.  Know  where 
the  vulnerabilities  are.  Make  sugges¬ 
tions  on  how  to  improve  things  go¬ 
ing  forward. 

Scrutinize  outsourcing  contracts. 

If  you’re  handing  off  responsibility 
to  an  outside  party,  you  must  define 
the  details  underpinning  data  in¬ 
tegrity  in  your  financial  systems. 

Ray  Hoving,  a  former  president  of 
the  Society  for  Information  Manage¬ 
ment,  calls  this  “hygienic  comput¬ 
ing.”  In  today’s  more  paranoid  envi¬ 
ronment,  “the  stakes  are  getting 
higher,”  he  says. 

We’ve  moved  well  beyond  putting 
into  action  all  those  platitudes  about 
aligning  IT  with  business  goals  and 
about  serving  the  needs  of  the  busi¬ 
ness  units.  Indeed,  IT  and  business 
processes  have  in  fact  become  all  too 
intertwined.  Scary  as  it  may  be,  CIOs 
simply  can’t  sit  this  one  out.  I 


Choreograph 

Collaboration 

COLLABORATION  is  an 
impressive-sounding 
word,  but  it’s  so  amor¬ 
phous  that  it  can  obscure 
down-to-earth  benefits  for 

large  IT  shops  that  must  work  togeth¬ 
er  across  geographies  and  time  zones. 
It’s  obvious  that  if  you  have  operations 
in  the  U.S.  and  overseas,  you  need  a 
tool  to  mitigate  the  high  cost  and  ad¬ 
ministrative  burden  of  managing  soft¬ 
ware  development. 

The  goal  should  be  to  put  in  place  a 
common  development  environment 
that  gives  control  to  the  individuals 
writing  the  code,  rather  than  making 
them  jump  through  permission-based 
hoops.  They  need  source-code  con¬ 
trol,  as  well  as  capabilities  for  version 
management,  change  management, 
and  quality  and  assurance  testing.  The 
tools  have  to  be  easy 
for  developers  to  use 
(meaning  minimal 
training  is  required), 
and  managers  must 
have  access  to  the  de¬ 
velopment  process. 

Typically,  collabora¬ 
tion  tools  have  been 
encumbered  by  hard¬ 
ware  costs  and  admin¬ 
istrative  bottlenecks 
that  prevent  develop¬ 
ers  from  managing  the 
products  by  themselves. 

The  search  for  an  appropriate  envi¬ 
ronment  should  focus  on  more  than 
just  version  controls.  You  need  to  be 
able  to  extract  value  from  code  reuse 
and  shared  developer  expertise  — 
wherever  the  developers  may  be. 

For  example,  with  developers  in  San 
Francisco,  London  and  Walnut  Creek, 
Calif.,  Barclays  Global  Investors  need¬ 
ed  a  common  platform  to  allow  part¬ 
ners  in  Boston  and  Sacramento,  Calif., 
to  be  part  of  the  development  process. 

It  was  a  challenge  to  find  such  a 
product,  because  it  had  to  support 
generic  development  operations  and  it 
needed  to  be  sophisticated  enough  to 
encompass  XML  development,  Web- 
based  client-order  systems  and  large- 
scale  trading  operations. 

The  tool  had  to  support  multiple 
project  types  and  act  as  a  source-code 
development  hub.  This  would  speed 
technical  project  communication  and 


pimm  fox  is  a  freelance 
writer  in  San  Francisco. 
Contact  him  at 


www.computerworld.com 


OPINION 


COMPUTERWORLD  November  11, 2002 


make  it  possible  to  create  archives 
for  code  and  routine  project  activities, 
which  could  later  be  reused.  With 
added  control  features,  developers 
should  be  able  to  access  the  company’s 
library  of  stored  scripts  and  proce¬ 
dures.  Because  the  software  selected 
from  Brisbane,  Calif. -based  CollabNet 
Inc.  is  in  a  single  location,  manage¬ 
ment  oversight  isn’t  a  burden  for 
developers. 

Barclays  made  flexibility  a  high- 
water  mark  for  the  collaboration  soft¬ 
ware,  so  developers  can  continue  to 
use  their  favorite  integrated  develop¬ 
ment  platform.  Permission-based  par¬ 
ticipation  also  lets  third  parties  con¬ 
tribute  to  the  process,  spreading  risk 
and  expertise  outside  traditional 
boundaries.  E-mails,  face-to-face 
meetings,  travel  costs  and  project 
completion  times  were  reduced.  The 
software  development  infrastructure 
is  now  managed  by  one  technical  ad¬ 
ministrator  working  half  time,  down 
from  three  full-time  positions. 

Collaboration  sounds  like  an  ele¬ 
gantly  choreographed  experience,  but 
the  true  value  lies  in  the  mundane  ad¬ 
vantages  of  reducing  costs  and  making 
your  developers’  lives  better.  ► 

THORNTON  MAY 

It’s  Time 
To  Upgrade 
Portfolios 

WE  ARE  IN  A  unique 
period  in  the  histo¬ 
ry  of  enterprise 
computing.  The  extra-organi¬ 
zational  elements  of  the  tech¬ 
nology  supply  side  —  venture  capital¬ 
ists,  vendors,  subscription  research 
firms  and  systems  integrators  —  have 
been  struck  mute  by  the  perfect-storm 
convergence  of  an  economic  down¬ 
turn,  the  utter  lack  of  killer  apps  in  the 
pipeline  and  a  bordering-on-revenge- 
seeking  buyer  dissatisfaction  with 
prior-period  technology  purchases. 

Pity  the  poor  vendor.  But  things  are 
no  better  inside  IT  organizations. 

This  year’s  IT  budget  cycle  was  also 
unique  because  of  the  current  unprece¬ 
dented  conditions.  While  every  com¬ 
pany’s  budget  meeting  was  different  in 
details,  a  general  consensus  emerged 
from  these  sessions  that  IT  depart¬ 
ments  must  migrate  from  being  func¬ 
tional  fetishers  (constantly  demanding 


new  stuff)  to  being  value 
addicts  (delivering  business 
benefits  with  what  they 
already  have). 

Additionally,  leading  IT 
operations  in  end-user 
companies  such  as  Toyota 
and  Kraft,  as  well  as  high- 
tech  vendors  like  Cisco  and 
Hewlett-Packard,  are  hav¬ 
ing  to  move  away  from 
managing  disparate  pieces 
of  functionally  applied 
technology  to  managing 
enterprise  IT  portfolios. 

They’re  being  forced  to  think  more 
deeply  about  how  and  why  they’re 
spending  money  on  IT. 

One  of  the  implications  of  this 
“back  to  basics”  mind-set  was  the  res¬ 
urrection  of  the  long-forgotten  skill 
set  of  IT  portfolio  management. 

At  a  recent  program  called  “Manag¬ 
ing  the  Information  Resource”  held  on 
the  UCLA  campus,  IT  leaders  from  32 
companies  in  12  vertical  markets  were 
asked  to  describe  how  their  organiza¬ 
tions  manage  their  IT  portfolios,  pay¬ 
ing  specific  attention  to  two  things: 

■  What  tools/processes  for  portfolio 


management  were  being 
used? 

■  What  lessons  were  be¬ 
ing  learned/relearned? 

The  results  were  some¬ 
what  disturbing.  IT  portfo¬ 
lio  management  skills  and 
tools  have  atrophied  in 
most  organizations.  Fur¬ 
thermore,  a  very  broad 
spectrum  of  portfolio  man¬ 
agement  behaviors  and 
tool  sets  exists  in  global 
corporations  today.  As 
such,  IT  portfolio  manage¬ 
ment  means  different  things  to  differ¬ 
ent  companies.  A  common  definition 
is  lacking. 

IT  managers  at  the  UCLA  confer¬ 
ence  said  they  generally  believe  that 
until  2005,  more  value  will  be  created 
by  making  technologies  disappear  (by 
methods  such  as  rationalizing  plat¬ 
forms  and  turning  off  low-value  sys¬ 
tems  and  devices)  than  in  making  new 
technologies  appear.  The  best  way  to 
make  these  difficult  “What  do  we  turn 
off?”  decisions  is,  in  my  view,  effective 
IT  portfolio  management. 

Surprisingly,  many  IT  leaders  leave 


the  choice  of  portfolio  management 
tools  to  relatively  low-level  project 
managers.  But  project  management  is 
not  portfolio  management.  The  port¬ 
folio  management  tool  creates  the  en¬ 
vironment  in  which  important  deci¬ 
sions  will  be  made. 

Steve  Finnerty,  CIO  at  Kraft,  said  at 
the  recent  annual  conference  of  the 
Society  for  Information  Management, 
“Most  of  the  low-hanging  fruit  in  the 
functional  orchard  has  already  been 
harvested.  The  big  opportunities  are 
at  the  enterprise  and  extra-enterprise 
level.”  The  only  way  to  get  to  a  point 
where  enterprise  decisions  can  be 
made  is  with  IT  portfolio  manage¬ 
ment  being  driven  at  the  highest 
levels  of  IT. 

Whether  you  are  seeking  to  become 
proficient  in  forecasting  or  simply  try¬ 
ing  to  determine  which  legacy  systems 
should  get  the  ax,  a  critical  next  step 
for  IT  leaders  is  to  get  your  portfolio 
management  houses  in  order.  I 


OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 


READERS’  LETTERS 


Data  Integration  Need  Not  Be  Complex 


After  reporting  the  effec¬ 
tiveness  of  the  IBM  Discovery- 
Link  “federated  database”  solution 
at  Aventis  Pharmaceuticals  and 
enumerating  other  approaches  to 
data  integration  (custom  interfaces, 
replication,  ETL  and  Web  services), 
your  article  [“Bridging  Data  Is¬ 
lands,”  QuickLink  33167]  states 
that  regardless  of  the  approach, 
data  integration  can  be  difficult, 
expensive  and  error-prone.  But  the 
key  point  to  the  federated  solution 
is  that,  under  circumstances  where 
data  already  resides  in  managed, 
well-understood  data  stores,  inte¬ 
gration  is  neither  difficult  nor  ex¬ 
pensive  -  the  data  is  not  moved, 
not  replicated  and  not  redesigned, 
and  custom  code  need  not  be  writ¬ 
ten.  The  federated  DBMS  product 
is  installed,  network  connections  to 
sources  are  defined,  source  defini¬ 
tions  are  configured,  user  access 
is  mapped,  and  logical  tables  of 
source  data  are  declared  as  aliases. 
Once  these  steps  are  executed, 
often  in  a  matter  of  a  few  hours, 
queries  are  transparently  executed 
across  all  defined  sources  when  in¬ 
voked  by  their  aliases  in  SQL  state¬ 


ments.  Difficulties  arise  only  when 
sources  are  not  well  managed,  or 
not  well  understood,  or  not 
amenable  to  conversion  to  the  logi¬ 
cal  equivalent  of  tables. 

These  conditions  of  course  will 
increase  the  cost  and  complexity  of 
any  of  the  named  solutions,  not  just 
database  federation.  True,  any  data 
integration  effort  is  subject  to  error, 
but  the  less  code  written  and  the 
less  transformation  performed,  the 
less  opportunity  there  is  to  make 
mistakes.  Aventis  users  can  jointly 
query  proprietary  and  public  data 
worldwide  in  a  single  statement, 
without  Aventis  assuming  the  bur¬ 
den  of  ownership,  storage  and  main¬ 
tenance  of  any  data  but  their  own. 
David  P.  Vernon 
Technical  solutions  specialist, 
life  sciences,  IBM,  Tucson, 
Ariz. 


CRM’s  Challenges 

Michael  foote’S  column 
“Avoid  Wiping  Out  on  New 
CRM  Wave”  [QuickLink  33244]  is, 
at  last,  an  article  that  apportions 
blame  more  fairly,  laying  a  good 


deal  of  it  at  the  feet  of  the  compa¬ 
nies  whose  projects  are  failing  in¬ 
stead  of  taking  the  easy  way  out 
and  beating  up  on  the  vendors  and 
consultants.  Simply  put,  a  signifi¬ 
cant  majority  of  companies  went 
into  CRM  with  rose-tinted  glasses 
and  a  good  dose  of  underestima¬ 
tion  of  the  complexities  of  process 
and  organizational  change  in  the 
customer-facing  part  of  the  organi¬ 
zation.  Fortunately,  the  lessons 
learned  by  such  companies  are 
becoming  more  publicized. 
Michael  Gentle 
Paris,  mgentle2@aol.com 


Use  IT  Wisely 

Michael  gartenberg  is  cor¬ 
rect  that  the  pace  of  change  is 
getting  faster,  and  yes,  we  will  be 
surprised  in  another  35  years 
[“Tomorrow’s  Computers  Benefit 
All,”  QuickLink  32996].  But  his 
idea  that  a  person  transported  from 
2,000  years  ago  to  the  year  1800 
would  find  life  and  civilization  easy 
to  adapt  to  is  wrong.  In  the  16th 
century,  Cortes,  with  500  soldiers, 
16  horses,  gunpowder  and  a  very 
different  belief  system,  seemed  a 
god  and  managed  to  conquer  the 


Aztec  empire.  But  there  is  another, 
instructive  side  to  this  story.  When 
a  technology  is  powerful  and  ac¬ 
cessible,  anyone  can  use  it  for  his 
own  purposes  without  understand¬ 
ing  it.  So  the  Native  Americans 
learned  to  use  gunpowder.  They 
didn't  know  how  to  make  a  gun  any 
more  than  most  of  us  self-congrat¬ 
ulatory  moderns  could  explain  a  sil¬ 
icon  chip  or  make  a  light  bulb.  But 
they  could  pull  triggers,  and  we  can 
push  buttons.  In  the  coming  35 
years,  let’s  hope  we  gain  more  wis¬ 
dom  to  match  our  wizardry. 

Mark  Cassidy 
Independent  contractor, 
Naugatuck,  Conn. 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld, 
P0  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OMore  letters  on  these  and  other 
topics  are  on  our  Web  site: 

computerworld.com/letters 


thornton  may  is  a  long¬ 
time  industry  observer, 
management  consultant 


and  commentator. 
Contact  him  at 

thomtonrnay@aol.com. 


(©server 


Winning  with  Linux®  and  Intel?  Online  diversified  financial  services  company  E*TRADE  Group,  Inc.,  has  just 
installed  90  IBM  (©server  xSeries™  servers  running  Linux  to  support  their  E*TRADE  Financial  Web  site. 
Why7  Ease  of  use  and  Linux  driven  affordability  and  scalability.  Select  xSeries  models  feature  the  Intel  Xeon™ 
processor  to  give  you  superior  performance  and  cost-effectiveness. To  receive  a  complimentary  IDC  white  paper 
on  how  to  reduce  TOO  with  Linux,  head  over  to  ibm.com/eserver/etrade 


(€)  h/st/ess  is  -the.  Fhy 


A  •  r  s  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  things,  on 
d  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux 
I  trademark  of  Linus  Torvalds.  Intel,  the  Intel  Inside  logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company, 
product  and  ser vce  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 


11.11.02 


FUTURE  WATCH: 

Good  Morning,  Dave  . . . 

The  Defense  Department  is  working 
on  a  self-aware  computer  that  can 
reason  and  adapt  to  surprises.  Will 
it  turn  out  to  be  a  dream  computer, 
or  a  nightmare  out  of  a  science- 
fiction  movie?  Page  36 


Spam  Wars 

Spammers  continue  to 
refine  their  techniques, 
while  companies  enlist 
technology  to  block 
productivity-draining 
nuisance  e-mail. 

Page  32 


The  Balancing  Act 

Despite  advances  in 
technology,  tuning  an 
intrusion-detection 
system  is  a  delicate 
process  requiring  the 
right  mix  of  know-how 
and  tools.  Page  34 


WEB  IDENTITY: 

WEIGHING  THE 
ALTERNATIVES 

Microsoft’s  Passport  and  the  Liberty 
Alliance’s  Web  authentication  services 
take  different  approaches  to  Web  identity 
management  today,  but  they  may  interoper¬ 
ate  in  the  future.  By  Carol  Sliwa 


Suppose  an  airline  wants  to 
give  its  online  customers  ac¬ 
cess  to  special  offers  from  its 
hotel  and  car  rental  partners, 
yet  spare  those  users  the 
bother  of  logging  in  each  time  they  link 
to  a  new  password-protected  Web  site. 

The  airline  also  might  want  to  give 
its  employees  access  to  the  secure 
sites  of  its  401(k)  and  insurance  pro¬ 
viders  without  forcing  them  to  prove 
their  identities  multiple  times. 

Two  of  the  more  prominent  options 
the  airline  might  consider  are  Micro¬ 
soft  Corp.’s  Passport  service  and  future 
systems  based  on  specifications  drawn 
up  by  the  Liberty  Alliance  Project,  an 
industry  consortium  with  more  than 
120  members,  whose  founders  include 
Sun  Microsystems  Inc.,  American  Ex¬ 
press  Co.  and  United  Air  Lines  Inc. 

But  IT  shops  might  want  to  carefully 
assess  their  choices  for  single  sign-on 
and  user  identity  management,  be¬ 
cause  both  options  are  in  a  state  of  flux 
and  new  Web  services  approaches 
could  alter  the  landscape  even  more. 

“You  really  have  to  have  a  driving 
business  need  to  want  to  do  this  now, 
because  of  the  potential  for  change,” 
says  Randy  Heffner,  an  analyst  at 
Cambridge,  Mass.-based  Giga  Infor¬ 
mation  Group  Inc. 

In  July,  the  Liberty  Alliance  Project 
released  its  specifications  for  a  stan- 
dards-based  mechanism  for  simplified 
sign-on  and  user  identity  management. 
But  although  vendors  have  promised 
products  based  on  those  specifica¬ 
tions,  they  have  yet  to  produce  them. 

The  second  phase  of  the  specifica¬ 
tions  —  which  will  include  guidelines 
for  site-to-site  authentication  and  user- 
attribute  sharing  —  isn’t  due  until  the 
first  half  of  next  year,  says  Paul  Mad¬ 
sen,  a  member  of  the  Liberty  Alliance’s 
technology  expert  group  and  manager 
for  identity  services  at  Addison,  Texas- 
based  Entrust  Inc. 

Microsoft’s  Passport  authentication 
service,  which  has  primarily  targeted 
consumers,  relies  largely  on  propri¬ 
etary  protocols  that  the  company  made 


available  last  month  for  inspection  and 
development  through  its  shared  source 
code  licensing  program.  But  Passport 
is  expected  to  shift  to  authentication 
tokens  based  on  MIT’s  Kerberos  tech¬ 
nology  and  add  support  for  Web  ser¬ 
vices  standards  next  year.  That,  in 
turn,  has  given  many  in  the  industry 
hope  that  Passport  may  someday  inter¬ 
operate  with  Liberty-based  authentica¬ 
tion  and  identity  management  systems. 

Core  Differences 

Currently,  the  approaches  differ.  One 
major  distinction  is  the  location  where 
each  model  stores  and  maintains  user 
data.  Another  is  the  means  by  which 
the  systems  share  a  user’s  authentica¬ 
tion  status  information. 

Under  the  Microsoft  service,  users 
register  either  via  www.passport.com 
or  a  member  site  that  has  an  agree¬ 
ment  with  Microsoft.  The  member  site 
must  be  running  Passport  Manager 
software,  which  serves  as  an  interme¬ 
diary  between  the  site’s  server  and  the 
Passport  server  and  helps  decrypt  in¬ 
coming  cookies. 

When  a  user  logs  into  a  member 
site,  he  is  redirected  to  a  page  with  the 
Passport  user  interface  and  branding 
from  the  referring  site.  The  member 
site  can  decide  how  many  of  10  possi¬ 
ble  fields  of  information  it  wants  the 
user  to  fill  in,  and  the  information  is 
stored  in  Microsoft’s  Passport  servers. 
Users  can  opt  to  share  all  of  that  infor¬ 
mation  with  other  Passport-enabled 
sites  when  they  sign  in,  or  only  their 
e-mail  addresses  or  names. 

When  a  user  signs  in  at  a  participat¬ 
ing  site,  he  is  redirected  to  Passport 
and,  if  he  doesn’t  have  a  cookie  that 
meets  the  referring  site’s  policy,  Pass¬ 
port  prompts  him  for  a  name  and  pass¬ 
word.  An  encrypted  authentication 
ticket  containing  the  user’s  informa¬ 
tion  is  sent  from  the  secure  Microsoft 
database  to  the  client  machine  by  way 
of  a  Web  address  query  string.  That 
ticket  is  then  sent  to  the  member  site 
(see  diagram  on  page  28). 

Dwight  Davis,  an  analyst  at  Summit 


C0MPUTERW9RLD  November  11, 2002 


TECHNOLOGY 


www.computerworld.com 


TWO  APPROACHES  TO  WEB  SINGLE  SI6N-0N 


Microsoft  Passport 


0  The  user  browses  to  Site  A  and 
clicks  the  Sign  In  button. 

©  The  site  redirects  the  user  request 
to  the  Passport  server,  which  checks 
the  user’s  cookie  file  for  an  active 
ticket.  If  no  active  authentication  tick¬ 
et  is  present,  or  if  the  ticket  is  deemed 
too  old  by  Site  A,  the  user  is  prompt¬ 
ed  for  his  name  and  password. 

©  The  Passport  service  redirects 
the  user  back  to  Site  A  with  an  en¬ 
crypted  authentication  ticket,  which 
contains  a  64-bit  unique  identifier 
and  profile  information  (also  encrypt¬ 
ed)  that  the  user  has  chosen  to  share. 
O  Site  A  decrypts  the  authentication 
ticket/profile  information  and  signs 
the  user  into  the  site. 

©  The  user  accesses  the  page, 
resource  or  service  requested. 


Site  A 


Passport  Service 


***** 

HU 

Co-branded  with  Site  A 


User 

NOTE:  This  scenario  assumes  the  user  has 
already  registered  with  the  Passport  service. 


Liberty  Alliance 


O  The  user  browses  to  Site  A 
(service  provider)  to  access  a 
Web  page,  resource  or  service. 
©  The  site  redirects  the  browser 
to  Site  B  (identity  provider). 

©  The  user  logs  in  at  the  ident¬ 
ity  provider  site,  which  creates 
a  small  SAML  authentication 
assertion  artifact. 

©  The  artifact  is  passed  back 
to  Site  A. 

©  Site  A  sends  the  artifact  to 
the  identity  provider  via  a  SOAP 
request.  The  artifact  represents 
the  actual  SAML  assertion. 

©  The  identity  provider  returns 
the  SAML  authentication  asser¬ 
tion  to  Site  A. 

©  The  user  accesses  the  re¬ 
quested  page  from  Site  A. 


Site  A  (service  provider)  Site  B  (identity  provider) 

I  I  O® 


User 

NOTE:  This  is  only  one  possible  scenario 
under  which  Liberty  protocols  work. 


In  the  future,  Passport-  and  Liberty-based  systems  may  be  able  to  federate  with  each  other  using  Web 
services.  Under  that  scenario,  SAML  assertions,  Kerberos  tickets  or  other  authentication  tokens  would 
be  shared  between  the  sites  through  XML-based  messages  sent  via  SOAP. 


Hi 


Strategies  Inc.  in  Boston,  notes  that 
some  companies  have  been  nervous 
about  Microsoft  owning  the  user  data, 
“even  if  it’s  only  hands-off  ownership.” 

The  Liberty  Alliance  takes  a  differ¬ 
ent  tack.  It  has  no  universal,  unique 
user  identifier  that  is  recognized 
across  sites,  and  no  single  identity 
provider  that  centrally  stores  user 
data.  Instead,  a  wide  range  of  sites  can 
serve  as  identity  providers,  and  these 
may  federate  with  one  another,  ex¬ 
changing  authentication  tokens  via  the 
Security  Assertions  Markup  Language 
(SAML)  and  SAML  extensions. 

Under  a  Liberty-based  system,  a 
user  accessing  a  password-protected 
site  is  redirected  to  the  appropriate 
identity  provider.  Once  there,  the  user 
logs  in  and  is  redirected  back  to  the 
original  site  with  a  one-time  random 
string  called  an  artifact.  The  artifact 
is  then  presented  and  exchanged  for 
a  SAML  assertion,  which  contains  the 
information  the  site  needs  to  authenti¬ 
cate  the  user  (see  diagram). 

In  contrast,  Microsoft  now  uses  pro¬ 
prietary  protocols  to  transmit  authenti¬ 
cation  tickets  between  its  Passport 
servers  and  member  sites.  Adam  Sohn, 
a  product  manager  in  Microsoft’s  .Net 
strategy  group,  says  that  even  when 
Microsoft  adds  support  for  Kerberos- 
ba  sed  authentication  next  year,  it  will 
not  be  “switch  flipping”  from  the  cur¬ 


rent  Passport  authentication  mechanism 
to  Kerberos-based  authentication;  it 
will  be  more  gradual,  because  there  are 
200  million  existing  Passport  accounts. 

Dan  Blum,  an  analyst  at  Burton 
Group  in  Midvale,  Utah,  says  the  use  of 
Kerberos  has  been  limited  primarily  to 
Windows  2000  users  and  universities, 
largely  because  “the  mechanism  of  set¬ 
ting  up  the  Kerberos  trust  is  cumber¬ 
some  and  requires  opening  up  addi¬ 
tional  ports  in  the  firewall.”  Blum  says 
the  trust-management  and  firewall 
problems  should  start  to  be  resolved 
once  Microsoft  releases  its  new  Trust- 
Bridge  server  software,  which  will 
make  it  possible  for  two  companies  to 
“more  conveniently  federate  authenti¬ 
cation  and  even  authorization  within 
the  Microsoft  model.” 

Compatibility  Issues 

But  Microsoft’s  commitment  to  the  bi¬ 
nary  Kerberos  tickets  differs  from  the 
Liberty  Alliance-based  specifications, 
which  favor  XML-based  SAML  asser¬ 
tions  for  user-to-site  authentication. 

Microsoft  has  committed  to  support 
SAML  assertions  in  its  Windows  serv¬ 
er  authorization  infrastructure  but  has 
yet  to  pin  its  support  to  a  particular  re¬ 
lease  or  time  frame,  Sohn  says. 

Despite  the  present  incompatibility, 
there  are  ways  to  get  Passport  member 
sites  and  Liberty-based  sites  to  share 


authentication  data.  For  instance,  a 
Web  site  could  support  the  Liberty 
specifications,  join  Passport  and  essen¬ 
tially  serve  as  a  protocol  mapper,  doing 
the  necessary  translations  to  pass  user 
identity  information  from  one  site  to 
another,  Madsen  says. 

Beyond  that,  he  notes  that  the  sec¬ 
ond  phase  of  the  Liberty  specifications 
will  include  guidelines  outlining  some 
site-to-site  authentication  options,  in¬ 
cluding  SAML  assertions,  Kerberos 
tickets  and  PKI-based  technologies. 

But  that  still  won’t  address  the  user-to- 
site  authentication  technology  conflict 
between  Passport’s  Kerberos  tickets 
and  Liberty’s  SAML  assertions,  he  says. 

The  greatest  promise  for  interoper¬ 
ability  may  lie  in  the  proposed  Web  Ser¬ 
vices  Security  (WS-Security)  standards 
that  Microsoft,  IBM  and  Mountain  View, 
Calif.-based  VeriSign  Inc.  announced 
earlier  this  year  and  last  summer  turned 
over  to  the  Organization  for  the  Ad¬ 
vancement  of  Structured  Information 
Standards  in  Billerica,  Mass. 

Madsen  says  the  Liberty  Alliance  is 
looking  into  WS-Security.  And  Micro¬ 
soft  plans  to  “lean  very  heavily”  on 
WS-Security,  which  can  handle  differ¬ 
ent  types  of  security  tokens,  Sohn  says. 

Sohn  says  SAML  assertions  or  Ker¬ 
beros  tickets  could  be  dropped  into 
XML-based  messages,  which  could  be 
sent  via  the  Simple  Object  Access  Pro¬ 


tocol  (SOAP)  to  carry  user  credentials 
between  sites. 

“There’s  no  reason  any  [two]  sys¬ 
tems  can’t  interact  in  a  trusted  manner, 
whether  they’re  Liberty  or  Passport  or 
a  couple  of  enterprises  interested  in  in¬ 
tegrating  their  supply  chains,”  he  says. 

But  the  underlying  systems  must 
be  able  to  understand  the  different 
authentication  tokens,  Madsen  cau¬ 
tions.  If  they  can’t,  some  type  of  ser¬ 
vice  might  be  needed  to  perform  map¬ 
ping  functions,  he  says. 

It  remains  to  be  seen  if  that  will  suit 
the  needs  of  corporate  IT  managers 
who  don’t  want  to  have  to  support  du¬ 
eling  technologies. 

“We’re  waiting  for  the  industry  and 
this  space  to  evolve  to  a  point  where 
we  can  feel  comfortable  implementing 
something  that  will  allow  us  inter¬ 
operability  and  flexibility,”  says  Justin 
Erbacci,  a  senior  architect  at  United 
Air  Lines. 

Erbacci  may  have  to  be  patient.  Prod¬ 
ucts  supporting  the  Liberty  specifica¬ 
tions  aren’t  out  yet.  TrustBridge  isn’t 
due  until  next  year.  And  SAML  sup¬ 
port  through  WS-Security  may  not 
happen  before  the  second  half  of  2003 
—  or  later,  warns  Blum. 

“It’s  going  to  take  a  couple  of  years 
before  we  start  to  see  widespread  use 
of  federated  authentication  using  any 
of  these  techniques,”  Blum  predicts.  I 


A  TO  SIEBEL, 
WE’VE  GOT  YOU 

CLUSTERED 

^  I  ^  \ 

storage  software  company. 


'PS§ 


According  to  a  ret 
Software  was  both  the 

■Cut  IDC  report  on  the  clustering  and  availability  sol'twa 
■  fastest  growing'x'ompany  in  the  segment  and  the  re\ 

re  market.  VK  RITAS 
eime  leader  in  JOQI. 

ver 

VERITAS 

ilas.com/clustering 

•  ,Jr-L J 

■  ■  -•  ■  ■' "  ,  ■  '■ 

•  ■  j  v  ycftAftV  • 

•  -  ...  \V>  V./c  <'  t. 

•  .  .  •  '  •  <  •  .  v  •  . 

•  •  '■  y-k-  ■  '  •  > 

•  .  .  /  4-':  - 

.  .  .  3  .  '■  r- 

=  A,  v  •' 

i  ■■■  :  ?d  r-‘  ■  f * 

fii.f'W.l'  -rU 

-/• -Tv.-.  •• 

Copyright  ©2002  VERITAS  Software  Corporation.  All  rights  reserved.  VERITAS  Software  and  the  VERITAS  Software  logo  are  trademarks  or  registered  trademarks  of 

VERITAS  Software  Corporation.  All  other  trademarks  are  the  property  of  their  respective  owners. 


I 


m 


;  '  ' 


!*$***$ 


Visual  Studio  .NET  can  help  you  with  (nearly)  every  part  of  your  job.  Whether  you’re  building  applications  for  Windows.  Web,  mobile  or  XML 
•Web  services.  Visual  Studio  .NET  is  designed  to  help  you  overcome  today’s  programming  challenges.  For  starters,  the  simplified  Windows,  Web,  and 
jTvbbiie. forms  designers  will  let  you  use  the  same  programming  model  to  rapidly  create  robust  applications  across  the  broadest  range  of  platforms 
and  devices.  With  new  RAD  for  the  server  features,  you  can  eliminate  thousands  of  lines  of  code  by  using  the  same  "drag-and-drop,  double-click 


registered  trademarks  or  ttadentertis  o‘  Microsoft  Coloration  <r»  the  United  States  and/or  other  countries.  The  names  of  actual  companies  end  products 


pft.  the.. NET  tc&o.  Y>sueiISn»dkh  th<?  Vista)  Studio  logo:  and  Weujows  er< 


ViSOAl  SASIC 


i«iD£C# 


►'V  .£■  \»  .  ::t 


■ 


Vr.  :  .  '  - 


W& 


It  can’t  enforce 
correct  posture. 


mm 


%  *r.  m 

'.\V  % 

WB 


it* 


/'  . 


lA  v'*>  •■> 


-.  ..  _•■ 


«s» 


to  write  code”  technique  with  which  you’re  already  familiar.  Plus,  with  support  for  over  20  languages, 
Visual  Studio  .NET  lets  you  leverage  existing  code  and  skills  ensuring  you  have  the  most  appropriate 
language  available  for  the  task  at  hand.  Try  it  now:  log  on  to  a  fully  featured, 

free  online  hosted  session  at  msdn.microsoft.com/vstudio/tryit  ViSUdl  Studio  .flfJt 


witching  to  Visual  Studio  .NET,  I 

innwirlt*  Rnilriinp  Gnriofv  aliminateH  I 


By  switching  to  Visual  Studio  .NET, 
Nationwide  Building  Society  eliminated 
over 200,000  lines  of  legacy  code  from 
their  live  system.  The  switch  also  resulted 
in  easier  deployment  of  their  application, 
greater  scalability,  and  more  time  to 
focus  on  features  and  functionality. 


i 


As  unwanted  e-mail  eats  away  at 
productivity,  companies  turn  to 
technology  to  battle  the  threat, 
wh  ile  spammers  f  ig  ht  back  with 
new  tactics  to  get  their  messages 
through.  BY  MELISSA  SOLOMON 


YOU  KNOW  FROM  LOOKING  at 
your  e-mail  lately  that  it’s 
possible  to  be  debt-free,  have 
perfect  skin  and  be  a  babe 
magnet  —  with  a  little  help  from  your 
new  friends. 

But  at  least  employees  at  Stamford, 
Conn.-based  Xerox  Corp.  are  shielded 
from  such  revolutionary  offers  — 
though  the  process  hasn’t  been  easy. 
Last  summer,  Xerox’s  firewall  team  was 
blocking  150,000  spam  e-mails  a  month. 
By  early  fall,  it  was  60,000  messages  a 
day,  seven  days  a  week,  says  Linda 
Stutsman,  manager  of  corporate  infor¬ 
mation  security  and  risk  management. 

In  the  past  year,  spam  has  moved  be¬ 
yond  personal  e-mail  accounts,  invad¬ 
ing  business  systems  and  graduating 
from  societal  pest  to  corporate  enemy. 
Companies  are  stockpiling  their  arse¬ 
nals  —  lists  of  legitimate  senders  and 
known  spammers,  tools  that  pick  up  on 
spamlike  content  or  behavior,  digital 
fingerprints  and  decoy  e-mail  address¬ 
es  —  to  fight  this  invasion.  On  the  oth¬ 


er  side,  however,  new  and  resourceful 
recruits  lured  by  spam’s  promise  of  big 
financial  returns  are  constantly  devis¬ 
ing  counterattacks. 

“There’s  10  times  as  much  [corpo¬ 
rate]  spam  this  year  as  there  was  last 
year,”  says  Joyce  Graff,  an  analyst  at 
Stamford,  Conn.-based  Gartner  Inc. 
“It’s  mind-blowing.  And  the  economics 
are  on  the  spammers’  side.” 

And,  says  Jason  Catlett,  president  of 
Junkbusters  Corp.,  a  Green  Brook,  N.J.- 
based  antispam  organization,  the  prob¬ 
lem  is  getting  worse.  “Spam  is  growing 
at  a  slightly  faster  rate  than  e-mail  traf¬ 
fic,”  he  says  (see  chart,  next  page). 

Weapons  of  War 

The  spam  weapons  that  Graff  finds 
most  difficult  to  defend  against  are 
harvesting  tools.  For  $39.95,  marketers 
can  buy  a  “spambot”  that  searches 
message  boards  and  lists,  culling  up  to 
100,000  e-mail  addresses  in  an  hour. 
Spambots  also  get  into  the  relay  game 
with  organizations’  message  transfer 


agents  (MTA)  by  sending  messages 
to,  for  example,  georgebrown@ 
whitehouse.gov,  georgebuckley@ 
whitehouse.gov  and  so  on,  until  they 
find  matches. 

To  combat  these  spambots,  Graff  says, 
organizations  need  to  set  up  their  MTAs 
so  they  automatically  disconnect  as 
soon  as  they  detect  harvesting  attacks. 

But,  says  Steve,  a  Washington-based 
spammer  who  asked  to  be  identified 
by  only  his  first  name,  spammers  are 
continually  finding  —  and  sharing  — 
new  ways  to  hide  their  identities.  For 
instance,  he’s  created  a  filter-evading 
script  that  randomizes  subject  lines 
and  source  addresses  so  they’re  not 
easily  identified  as  bulk  mail.  Big-time 
spammers  buy  servers  that  can  ran¬ 
domize  entire  domains,  says  Steve. 

Spammers  scan  the  Internet  for 


What  Is  Spam? 

While  most  e-mail  users,  corporate  and 
otherwise,  have  developed  a  common 
aversion  to  spam,  they  have  a  far  more 
difficult  time  agreeing  on  what  exactly 
constitutes  spam.  The  following  are  types 
of  e-mail  generally  categorized  as  spam: 

Si  Unsolicited  bulk  e-mail 

*  Unsolicited  commercial  e-mail 

*  Chain  letters 

*  Duplicate  postings 

■  Pop-up  ads 

«i  Virus  warnings 

■  Banner  ads 

■  Jokes 

■  Internet  service  provider  information 


SOURCE:  “ISPS  AND  SPAM:  THE  IMPACT  OF  SPAM  ON 
CUSTOMER  RETENTION  AND  ACQUISITION. “  GARTNER  INC., 
STAMFORD.  CONN. 


open  relays  in  foreign  countries  so 
their  messages  will  be  hard  to  trace.  Or 
they  set  up  free  e-mail  accounts  and 
dump  them  before  they’re  caught. 
Spammers  can  blast  out  hundreds  of 
thousands  of  messages,  each  with  cus¬ 
tomized  content  and  source  addresses, 
and  then  quickly  log  out,  says  Mark 
Bruno,  enterprise  product  manager  at 
Brightmail  Inc.,  a  San  Francisco-based 
vendor  that  got  its  start  filtering  e-mail 
for  service  providers  but  has  since 
shifted  its  focus  to  corporations. 

Spammers  also  write  programs  that 
load  in  multiple  accounts  so  when  one 
account  is  terminated,  another  auto¬ 
matically  kicks  in,  says  Dan  Clements, 
CEO  of  CardCops.com,  a  Malibu, 
Calif.-based  online  credit  card  and  ad¬ 
vertising  fraud  watchdog  group. 

It  typically  takes  about  two  or  three 
months  from  the  time  companies  in¬ 
stall  antispam  software  until  they  can 
effectively  pick  up  on  patterns.  But 
once  they  do  so,  some  systems  can 
weed  out  90%  of  spam  with  a  less  than 
1%  false-positive  rate,  says  Joe  Fisher, 
senior  product  manager  at  Tumble¬ 
weed  Communications  Corp.,  a  Red¬ 
wood  City,  Calif. -based  messaging  se¬ 
curity  Firm.  And  then  vendors  and 
their  clients  need  to  keep  updating  the 
tools  to  stay  ahead  of  the  spammers. 

“They’re  just  making  my  job  harder,” 
says  Steve.  “But  for  them  to  stop  spam¬ 
mers  is  almost  impossible.  There’s  al¬ 
ways  going  to  be  some  guy  who  knows 
how  to  build  a  new  application,  and 
everyone’s  going  to  get  it.” 

Some  antispam  systems  claim  to 
stop  virtually  all  spam,  which  accounts 


www.computerworld.com 


TECHNOLOGY 


COMPUTERWORLD  November  11. 2002 


SPAM  ATTACK! 


WORLDWIDE  E-MAIl  MESSAGES  SENT  ANNUALLY 

1996 

1999 

2002 

2006 

BUSINESS 

130  billion 

920  billion 

3.33  trillion 

5.58  trillion 

PERSONAL 

100  billion 

660  billion 

2.15  trillion 

3.57  trillion 

TOTAL 

230  billion 

1.58  trillion 

5.48  trillion 

9.15  trillion 

THE  ABOVE  TOTALS  INCLUDE  THE  FOLLOWING  NUMBERS  FOR  SPAM  MESSAGES 


1996 

1999 

2002 

2006 

WORLDWIDE 

50  billion 

290  billion 

1.50  trillion 

2.92  trillion 

SOURCE:  "EMAIL  USAGE  FORECAST.  2002-2006:  KNOW  WHAT'S  COMING  YOUR 
WAY."  IDC,  FRAMINGHAM.  MASS. 


for  34%  of  all  e-mail.  These  systems 
contain  a  variety  of  components: 

■  Blacklists  that  compile  and  distrib¬ 
ute  IP  addresses  of  known  spammers. 
There  are  also  whitelists,  which  com¬ 
panies  can  build  to  identify  legitimate 
senders. 

■  Content-analysis  tools  that  look  for 
keywords. 

■  Behavioral-analysis 
tools  that  look  for  pat¬ 
terns  such  as  large  num¬ 
bers  of  recipients  or 
blind  copies. 

■  Address-validation 
tools  that  do  reverse  Do¬ 
main  Name  System  lookups  to  ensure 
the  sender  isn’t  trying  to  cloak  his 
identity. 

■  Digital  fingerprints  developed 
with  algorithms  and  heuristics,  to 
identify  and  block  or  filter  common 
spam  patterns. 

■  New  products  that  can  scan  for 


graphics  such  as  skin  tones  to  combat 
pornography,  but  those  tools  are  still 
in  their  infancy,  says  Mark  Levitt,  an 
analyst  at  IDC  in  Framingham,  Mass. 

Brightmail’s  probe  networks,  which 
are  getting  high  marks  from  analysts 
and  antispam  watchdogs,  consist  of 
dummy  accounts  set  up  through  vari¬ 
ous  Internet  service 
providers  and  corporate 
clients  to  attract  spam¬ 
mers.  Brightmail 
monitors  those  networks 
to  detect  new  tricks  of 
the  trade  and  continually 
evolves  its  antispam  rule 
book.  New  rules  are  distributed  and 
updated  in  clients’  systems  every  10 
minutes,  says  Ren  Chin,  director  of 
product  development  at  Brightmail. 

After  going  through  the  battery  of 
antispam  indicators,  a  good  filter  will 
assign  percentages  rating  the  probabil¬ 
ity  that  messages  are  spam,  says  Graff. 
Depending  on  the  comfort  level  of  the 
organization,  messages  above  a  certain 
level  can  be  automatically  deleted, 
while  others  can  be  stored  in  spam 
folders  for  IT  staff  or  users  to  review. 

“This  is  not  a  perfect  science,”  says 
Graff.  “If  some  product  claims  to  do 
100%,  run  away  from  it,  because  they 
don’t  know  what  they’re  doing.” 

Xerox  keeps  pace  with  new  commer¬ 
cial  tools,  but  so  far  it  has  stuck  with  its 
homegrown  antispam  system,  says 
Stutsman.  Xerox  also  subscribes  to 
blacklists.  About  75%  to  80%  of  Xerox’s 
spam  is  blocked  at  the  gate,  and  an  ad¬ 
ditional  20%  of  the  remaining  spam  is 
later  filtered  out,  says  Stutsman. 

Staying  Alert 

When  25%  or  more  of  Norfolk  South¬ 
ern  Corp.’s  inbound  e-mail  was  being 
identified  as  spam,  Tony  Samms  knew 
something  had  to  be  done. 

“It  was  a  very  hostile  environment,” 
says  Samms,  director  of  information 
security  at  the  Norfolk,  Va.-based 


SPAM  WEAPONS 

For  lists  of  online  antispam 
resources  and  prices  of  e-mail 
filtering  products,  visit  our  Web  site: 

©  QuickLinks  34114  and  34188 
www.computerworld.com 


freight,  natural  resources  and  telecom¬ 
munications  holding  company.  “Mes¬ 
sages  showed  pictures  of  people  hav¬ 
ing  sex  right  in  the  e-mail.” 

There  were  also  the  drains  on  em¬ 
ployee  productivity,  bandwidth  and 
storage  to  consider.  With  close  to 
10,000  users  and  an  average  of  30,000 
e-mails  per  day,  spam  had  become  a 
big  financial  problem. 

So  at  the  end  of  last  year,  Norfolk 
Southern  installed  IronMail  from  Ci- 
pherTrust  Inc.  in  Alpharetta,  Ga.  The 
tool  sits  on  Norfolk  Southern’s  gateway 
and  uses  an  array  of  filtering  strate¬ 
gies.  Even  with  the  filter,  though,  spam 
has  managed  to  get  into  Norfolk  South¬ 
ern’s  system,  so  employees  have  been 
building  a  local  deny  list  by  sending 
addresses  to  be  blocked  to  the  infor¬ 
mation  security  department. 

The  biggest  challenge  has  been 
avoiding  false  positives,  says  Samms. 
“We  don’t  want  to  block  good  e-mail, 
so  we  have  to  be  careful,”  he  says.  For 
instance,  one  employee’s  last  name  is 
Rape,  so  the  company  can’t  add  that  to 


its  list  of  words  to  be  filtered  out. 

Samms  says  the  25%  spam  rate  has 
been  reduced  to  about  1%  or  2%. 

Santa  Clara,  Calif.-based  Macro¬ 
vision  Inc.  has  opted  for  a  voluntary 
spam-fighting  program,  letting  end 
users  decide  whether  they  want  to  use 
the  PerlMx  filters  from  Vancouver, 
British  Columbia-based  ActiveState 
Corp.,  which  the  company  installed 
last  spring.  Then  they  customize  their 
filter  settings,  so  the  sales  representa¬ 
tives  can  keep  getting  newsletters  pep¬ 
pered  with  terms  like  invest  and  bar¬ 
gain,  for  example,  and  the  mailroom 
clerks  can  keep  solicitations  to  a  mini¬ 
mum,  according  to  Macrovision  sys¬ 
tem  administrator  Mike  Stevens. 

Stevens  hasn’t  calculated  the  return 
on  the  $10,000  investment,  but  he  says 
productivity  has  jumped.  “You  get  your 
return  on  investment  back  in  a  relatively 
short  time,”  he  says.  I 


Solomon  is  a  freelance  writer 
in  New  York.  Contact  her  at 
melissasolomon7@hotmail.com. 


THE  OTHER  SIDE 


MAIL  SERVER  APPLICATION  to  cloak  : 
your  identity:  $1,000.  Internet  service  • 

provider  account;  $10  a  month.  Bulk  mail-  \ 
ing  list:  $20.  For  a  midlevel  spammer  like  : 
“Steve,”  that  investment  can  be  recouped  : 
in  a  day.  j 

Six  years  ago,  Steve  bought  a  list  of 
e-mail  addresses  to  hit  with  pitches  from  : 
adult  Web  sites.  Since  then,  he’s  grown  : 
that  list  (and  its  value)  about  tenfold  by  j 
trading  with  other  spammers. 

And  there’s  the  spammer’s  most  pow-  : 
erful  tool:  his  cohorts. 

For  a  $29.99  membership  fee,  sites 
like  BulkBarn.com  offer  300,000  “fresh  - 
bulk  e-mail  addresses”  weekly  (1  million  : 
for  another  $20),  bulk  e-mail  starter  kits  : 
and  free  bulk  e-mail  software.  • 

“They  started  out  as  little  script  kiddies,  • 
and  they  turned  into  big  companies,” 

Steve  says.  “People  troubleshoot  there,  : 
just  like  any  other  business.” 

Big  business  it  is  -  with  all  the  pres¬ 
sures  that  suggests.  In  fact,  Steve  has  al-  j 
ready  entered  semiretirement  as  a  spam¬ 
mer  at  the  ripe  age  of  32.  Fie  took  a  job  : 
this  year  as  a  Microsoft  engineer  at  a 
Washington-based  government  agency,  j 
“I  was  getting  too  old  to  do  it  full  time,”  he  : 
says.  Still,  spamming  in  his  free  time,  he  : 
subsidizes  his  income  by  about  $40,000 
annually. 

The  problem  with  spam-fighting  tools 


is  that  they  wage  war  against  the  wrong 
enemies,  says  Dan  Clements,  CEO  of 
CardCops.com,  an  advertising  and  credit 
card  fraud  watchdog  group.  The  true  ben¬ 
eficiaries  of  spam  are  the  big  businesses 
that  pay  spammers  a  portion  of  their  rev¬ 
enues  to  bring  in  new  customers,  all  the 
while  turning  a  blind  eye  to  their  renegade 
marketing  tactics,  he  says. 

Steve  concurs,  and  he  even  has  lists  of 
sites  that  offer  little  or  no  resistance  to 
spamming.  As  long  as  he  can  zap  out 
400,000  adult  e-mail  messages,  get  30 
hits  and  collect  $1,000,  he'll  keep  at  it. 

While  the  spam  community  is  strong, 
so,  too,  is  the  antispam  community.  Orga¬ 
nizations  such  as  The  Spamhaus  Project 
and  the  Mail  Abuse  Prevention  System 
LLC  publish  information  on  known  spam¬ 
mers.  But  in  order  to  truly  wipe  out  spam, 
an  international  body  of  law  must  be  cre¬ 
ated,  says  Gartner  analyst  Joyce  Graff. 
And  that's  at  least  a  decade  off,  she  adds. 

In  the  meantime,  even  though  Steve 
wishes  away  the  junk  mail  that  clogs  his 
in-box,  he  still  benefits  from  the  way  the 
system  works. 

“I  hate  spam,”  he  says.  “I’ve  gotten 
death  threats.  People  have  threatened  to 
kill  my  dog. ...  But  when  you  make  a 
thousand  bucks  in  one  day,  you  could 
care  less.” 

-  Melissa  Solomon 


34  COMPUTESWORLD  November  11, 2002 


TECHNOLOGY 


www.computerworld.com 


Tuning  in  threats  -  and  tuning  out 
false  positives  -  requires  good  tools 
and  the  right  processes  and  policies 
to  manage  them.  By  Dan  Verton 


larger  defense-in-depth  security  archi¬ 
tecture.  He  uses  increasingly  tougher 
IDS  rules  as  traffic  passes  through  the 
network’s  rings  of  defense.  “If  you  set 
up  your  alerts  for  those  rings  that  are 
inside  the  outer  rings,  you’ll  have  few¬ 
er  alerts  to  reckon  with,”  Gorball  says. 


While  some  IDS  vendors  have  come 
out  with  systems  that  are  capable  of 
active  response  to  real-time  intrusions, 
Mike  Stute,  CTO  at  Global  DataGuard 
Inc.  in  Dallas,  recommends  that  users 
stay  away  from  this  feature.  “In  gener¬ 
al,  this  doesn’t  work  well.  Human  intel¬ 
ligence  is  required  to  respond  appro¬ 
priately,”  he  says. 

But  there  are  other  ways  you  can  in¬ 
advertently  kill  your  IDS  deployment 
project,  says  Gorball.  “When  you  first 
put  it  online,  you’re  going  to  want  to 
do  so  in  monitor  mode  to  make  sure 
the  rules  you’ve  set  up  will  not  ad¬ 
versely  impact  your  workflow  when 
you  put  it  into  an  active  state,”  he  says. 
“If  you  don’t  get  the  rules  exactly  right, 
you  could  leave  vulnerabilities  in  place 
or,  worse  yet,  kill  legitimate  traffic.” 

And  there’s  only  one  way  to  get  the 
rules  right,  says  Stute.  “It  takes  con¬ 
stant  human  involvement.  Tuning  re¬ 
duces  false  positives  but  creates  false 
negatives.  Once  someone  is  paged  30 
times  a  night  for  five  nights  and  finds 
that  in  all  cases  it  was  a  false  [alarm], 
most  administrators  will  just  remove 
that  signature  from  the 
database  and  call  it  good.”  I 


The  sound  of  intrusion-detec¬ 
tion  systems  (IDS)  sifting 
through  the  torrents  of  data 
entering  networks  and  sending 
alerts  about  hacker  attacks 
might  be  music  to  the  ears  of 
most  security  administrators.  But  if  the 
IDS  isn’t  tuned  properly,  those  alarms 
can  sound  like  fingernails 
scraping  a  chalkboard. 

Despite  better  event  corre¬ 
lation  and  centralized  management 
consoles,  fine-tuning  an  IDS  so  that  it 
detects  and  generates  alerts  about  only 
bona  fide  intrusions  remains  a  classic 
security  challenge.  The  answer  to  the 
IDS  tuning  dilemma  rests  not  so  much 
in  technology  but  in  people,  processes 
and  policies,  say  analysts  and  IT  secu¬ 
rity  professionals. 


IDS  TUNING 


nights,  and  an  IDS  that  is  constantly 
whining  about  things  that  are  OK,”  he 
says.  “Eventually,  it  cries  wolf  too  much 
and  the  overworked  network  adminis¬ 
trator  tunes  it  down,  weakens  the  rules 
or  doesn’t  check  the  logs  as  often.  I 
don’t  believe  this  problem  is  solvable.” 

Perhaps  not,  but  to  make  progress, 
you  should  know  what  you 
want  to  protect,  determine 
what  you’ll  do  if  an  incident 
is  detected  and  have  trained  IDS  ana¬ 
lysts  available,  says  Steve  Prather,  di¬ 
rector  of  network  services  at  ViaWest 
Internet  Services  Inc.  in  Denver. 

“Companies  tend  to  struggle  with 
their  IDS  most  when  they  have  not 
properly  tuned  their  system  to  their 
environment  and  their  security  policy,” 
says  Prather.  “In  some  cases,  a  compa¬ 
ny  may  even  try  to  implement  an  IDS 
without  first  putting  a  security  policy 
in  place.”  And  not  knowing  how  you 
should  respond  to  an  incident  can  be 
as  problematic  as  not  tuning  your  IDS 
properly,  he  says. 

“Much  of  an  IDS’s  effectiveness  re¬ 
lies  on  what  the  company  has  stated 
they  will  do  when  an  incident  occurs,” 
says  Prather.  “Who  responds  to  what 
type  of  alert?  At  what  level  do  we  shut 
off  connectivity  or  take  servers  down? 
This  means  a  company  needs  a  solid 
incident-response  procedure  for  their 
IDS  to  be  effective.” 

“It’s  more  than  just  intrusion 
detection;  it’s  intrusion  protec¬ 
tion,”  says  Jeff  Gorball,  senior 
vice  president  of  operations  at 
Kingland  Systems  Corp.,  a 
financial  sector  e-commerce 
service  provider  in  Clear  Lake, 

Iowa.  “You  have  to  ask  yourself, 

What  am  I  trying  to  protect,  and 
what  or  who  am  I  trying  to  protect 
against?” 

Gorball  set  up  his  IDS  as  part  of  a 


The  Right  Technology  Mix 

But  can  a  few  IDSs  alone  do  the  job? 
Not  by  a  long  shot,  say  experts.  For  ex¬ 
ample,  most  companies  should  have 
multiple  IDSs  deployed  throughout  the 
organization,  including  network-based 
IDSs,  which  monitor  network  connec¬ 
tions;  host-based  IDSs,  which  monitor 
server  and  workstation  activity;  and  a 
mix  of  signature-based  and  knowl¬ 
edge-based  IDS  technologies. 

Knowledge-based  IDSs  tune  them¬ 
selves  to  your  network  environment 
and  look  inward  to  learn  how  to  spot 
anomalies  or  unusual  behavior  —  a 
critical  capability  today,  when  most  se¬ 
curity  incidents  originate  from  inside 
the  firewall.  In  addition,  some  experts 
recommend  using  decoy  servers, 
called  honey  pots,  in  conjunction  with 
IDS  technologies  to  divert  an  intrud¬ 
er’s  attention  and  give  the  security 
staff  more  time  to  respond. 

“All  of  these  layers  need  to  be  pro¬ 
tected,”  says  Chris  Klaus,  chief  tech¬ 
nology  officer  at  Internet  Security 
Systems  Inc.  in  Atlanta.  “Do  not  rely 
on  just  network  IDS  or  server  and 
desktop  IDS.  They  need  to  be  looked 
at  holistically  and 
integrated  to 
maximize  pro¬ 
tection  against 
intruders.” 


Crying  Wolf 

IDSs  don’t  seem  to  work  unless  users 
have  the  time  to  stand  guard  with  them 
and  investigate  every  unusual  incident, 
no  matter  how  minor. 

IDS  tuning  involves  more  than  sim¬ 
ply  configuring  the  system  to  look  for 
port  scans  and  other  attack  signatures 
(software  code  that  indicates  malicious 
activity).  Each  IDS  must  be  tuned  to 
detect  incidents  that  are  pertinent  to 
the  specific  network  or  subnetwork  on 
which  it’s  deployed.  And  if  you  try  to 
detect  everything,  you’re  asking  for 
trouble,  says  Bill  “Ches”  Cheswick, 
chief  scientist  at  Lumeta  Corp.,  a  de¬ 
veloper  of  network  security  monitor¬ 
ing  software  in  Somerset,  N.J. 

“This  leaves  network  administrators 
with  two  problems:  An  IDS  that  misses 
some  things,  which  can  cause  sleepless 

IDS  IKHHQI.GOV  ADVANCES 

Vendors  tune-up  tools  to  tune  out  false  positives: 

OQuickLink  33134 

www.computerworld.com 


Motion  Compu  ting 


*  Mo., on  fomou1.no  Inc  AH  r.qhls  reserved  Motion  Computing  .s  a  trademark  oi  Motion  Computing.  Inc  m  .he  United  States  and  olhe.  countn.s  Inle;.  P^imlnkrt  Insule  and  .he  Mel  ogo  are  trade-.**  ec  reg.stered  trade 

©  2002  Motion  Computing,  me  ■  M i  jgnts _  ^  ( #nJ  0,her  coontri<1>  ‘Weight  represents  system  weight  measured  with  3  cell  20  WH.  battery  empty  PCMCIA  Mot.  and  no  pen  Actua'  system  we-ght  may  var,  depend-'  g 


marks  of  Intel  Corporation  or  .ts  subsidiaries  m  the  United 
on  component  and  manufacturing  variability 


Introducing  the  M1200  Tablet  PC 
from  Motion  Computing.  It's  the  large-screen,  lightweight  Hess  than  3  lbs.!|*  Pure  Tablet  PC  that's  designed  to  work  the  way 
you  do.  With  a  spacious  12.1-inch  screen  that's  35%  larger  than  the  10.4-inch  screens  of  other  tablets,  the  M1200  gives  you 
more  room  to  see,  more  room  to  write,  and  more  room  to  be  productive.  Powered  by  the  Mobile  Intel®  Pentium'  III  Processor-M. 
the  M1200  packs  all  the  power  and  functionality  of  a  PC  into  an  ultra-mobile  wireless  tablet  so  you  can  run  all  of  your  existing 
applications  from  anywhere.  Just  write  on  the  screen  with  your  pen,  type  with  a  keyboard  or  speak  into  the  microphone 
The  M1200  Tablet  PC  from  Motion  No  wonder  everyone's  talking  about  it.  Visit  www.motioncomputing.com  today 


m 


38  COMPUTERWORLD  November  11, 2002 


TECHNOLOGY 


www.computerworld.com 


Good 

Morning, 

Dave... 


The  Defense  Department  is  work 
ing  on  a  self-aware  computer. 
By  Kathleen  Melymuka 


Any  sci-fi  buff 

knows  that  when 
computers  become 
self-aware,  they  ulti¬ 
mately  destroy  their  creators. 
From  2001:  A  Space  Odyssey  to 
Terminator,  the  message  is 
clear:  The  only  good  self- 
aware  machine  is  an  un¬ 
plugged  one. 

We  may  soon  find 
out  whether  that’s  true. 

The  Defense  Advanced 
Research  Projects 
Agency  (DARPA)  is 
accepting  research 
proposals  to  create  the  first 
system  that  actually  knows 
what  it’s  doing. 

The  “cognitive  system” 
DARPA  envisions  would  rea¬ 
son  in  a  variety  of  ways,  learn 
from  experience  and  adapt  to 
surprises.  It  would  be  aware  of 
its  behavior  and  explain  itself. 
It  would  be  able  to  anticipate 
different  scenarios  and  predict 


and  plan  for  novel  futures. 

“It’s  all  moving  toward  this 
grand  vision  of  not  putting 
people  in  harm’s  way,”  says 
Raymond  Kurzweil,  an  artifi¬ 
cial  intelligence  guru  and  CEO 
of  Kurzweil  Technologies 
Inc.  in  Wellesley  Hills,  Mass. 
“If  you  want  autonomous 
weapons,  it’s  helpful  for  them 
to  be  intelligent.” 

Cognitive  systems 
will  require  a  revolu¬ 
tionary  break  from 
current  computer  evo¬ 
lution,  which  has  been 
adding  complexity  and  brittle¬ 
ness  as  it  adds  power. 

“We  want  to  think  funda¬ 
mental,  not  incremental  im¬ 
provements:  How  can  we 
make  a  quantum  leap  ahead?” 
says  Ronald  J.  Brachman,  di¬ 
rector  of  DARPA’s  Information 
Processing  Technology  Office 
in  Arlington,  Va.  Brachman 
will  manage  the  agency’s  cog¬ 


nitive  system  initiative. 

The  goal  is  to  create  sys¬ 
tems  that  take  better  care  of 
themselves,  and  some  manu¬ 
facturers  have  already  made 
small  advances,  Brachman 
points  out.  Software  that  tests 
itself  automatically  is  a  step  in 
the  right  direction.  So  is  soft¬ 
ware  that  walls  itself  off  to 
avoid  taking  down  the  larger 
system  in  case  it  crashes. 

Add  advances  in  speech 
recognition  and  machine 
learning,  and  there  may  be 
enough  “bits  and  pieces”  to 
achieve  the  critical  mass  nec¬ 
essary  for  a  real  breakthrough, 
Brachman  says. 

“You  get  enough  really 
smart  people  working  on  a 
really  hard  problem,  and  you 
get  outcomes  you  didn’t  really 
expect,”  he  adds.  “We’re  hop¬ 
ing  for  a  little  serendipity.” 

They’ll  need  it.  The  prob¬ 
lems  to  be  addressed  are  near¬ 
ly  as  imposing  as  the  dream. 
For  example: 

■  How  can  a  cognitive  sys¬ 
tem  learn  from  experience 
and  use  what  it  has  learned  to 
cope  with  new  situations? 

■  How  can  it  prioritize 
“standing  orders,”  given  com¬ 
plex  and  conflicting  goals? 

■  How  can  it  recognize  im¬ 
portant  low-frequency  events 
among  the  huge  amounts  of 
data  in  its  “experience?” 

■  How  can  it  use  context  to 
decipher  complex  actions, 
events  and  language? 

Undaunted 

Despite  the  challenges,  Brach¬ 
man  is  undaunted.  “DARPA  is 
about  looking  out  of  the  box, 
the  big  reach,”  he  says.  “If  we 
succeed,  we  can  change  the 
world  in  very  dramatic  ways.” 

Kurzweil  agrees.  “DARPA 
research  tends  to  be  visionary, 
and  [although  it]  provides 
building  blocks  for  future 
weapons  systems,  there’s  also 
applicability  throughout  soci¬ 
ety,”  he  says.  For  example, 
DARPA’s  research  and  devel¬ 
opment  on  advanced  commu¬ 
nications  led  to  the  Internet. 
Its  pattern-recognition  ad¬ 
vances  led  to  technology  that 
helps  guide  cruise  missiles, 
reads  electrocardiograms  and 
detects  computer  fraud.  The 
machine  vision  advances 


DARPA  has  funded  have  obvi¬ 
ous  value  for  satellites  and  air¬ 
craft  as  well  as  factory  robots. 

Brachman  says  cognitive 
systems  could  assist  or  replace 
soldiers  on  hazardous  duty  or 
civilians  responding  to  toxic 
spills  or  disasters.  It’s  not  pos¬ 
sible  to  preprogram  a  re¬ 
sponse  to  an  emergency,  but  a 
cognitive  system  could  size  up 
many  complex  variables  and 
chart  its  own  course.  A  system 
that  could  imagine  multiple 
scenarios  could  outsmart  ter¬ 
rorists  —  or  your  business 
competitors  —  by  envisioning 
actions  they  might  take  and 
assessing  each  for  plausibility 
and  impact.  People  can  be 
blinded  by  prior  experience 
and  biases,  Brachman  notes, 
but  a  computer  with  no  pre¬ 
conceptions  could  show  hu¬ 
mans  how  to  think  differently. 

Moreover,  self-explaining, 
self-debugging  systems  would 
require  virtually  no  training 
and  little  maintenance.  They 
would  learn,  not  crash,  when 
faced  with  a  new  situation. 

But  what  about  HAL  9000 


and  the  other  fictional  com¬ 
puters  that  have  run  amok?  “In 
any  kind  of  technology  there 
are  risks,”  Brachman  acknowl¬ 
edges.  That’s  why  DARPA  is 
reaching  out  to  neurologists, 
psychologists  —  even  philoso¬ 
phers  —  as  well  as  computer 
scientists.  “We’re  not  stum¬ 
bling  down  some  blind  alley,” 
he  says.  “We’re  very  cognizant 
of  these  issues.” 

The  solicitation  is  open  to 
anyone,  and  DARPA  won’t 
speculate  about  who  might 
step  forward,  for  fear  of  limit¬ 
ing  responses. 

The  project  will  have  a 
three-  to  five-year  life  —  long 
enough,  Brachman  hopes,  to 
prove  the  value  and  plausibili¬ 
ty  of  the  concept.  “We  don’t 
expect  a  full-fledged  artificial 
assistant  in  four  years,”  he  says, 
“but  that  should  be  enough 
time  to  start  getting  some  con¬ 
crete  indications  that  some  of 
these  dreams  are  possible.”  • 


Melymuka  is  a  Computerworld 
contributing  writer.  Contact  her 
at  kmelymuka@earthlink.net. 


Freewheeling 
Zealots  in  Pursuit 
Of  Their  Goals 

DARPA  is  an  anomaly  in  the  fed¬ 
eral  government:  an  agency  de¬ 
signed  and  operated  to  be  small 
and  nimble  -  a  counterpoint  to 
traditional  Defense  Department 
thinking  and  procedure. 

Established  in  1958  in  re¬ 
sponse  to  Sputnik,  DARPA's  mis¬ 
sion  is  to  apply  state-of-the-art 
technology  for  military  purposes 
and  to  keep  the  U.S.  from  being 
surprised  again.  But  its  initiatives 
have  had  broader  applications. 
For  example,  DARPA  was  instru¬ 
mental  in  the  development  of  the 
mouse,  hypertext,  TCP/IP  proto¬ 
cols  and  the  Internet  itself. 

Reporting  to  the  director  for 
defense  research  and  engineer¬ 
ing,  DARPA  remains  small  (240 
people),  flat  and  free  of  bureau¬ 
cracy.  It  has  a  $2  billion  budget 
and  140  technical  staffers  drawn 
from  industry,  academia  and 
government  labs  and  research 
centers  for  three  to  five-year  ro¬ 


tations  to  ensure  a  constant  in¬ 
flux  of  fresh  thinking. 

Projects  such  as  DARPA’s 
cognitive  systems  initiative  are 
typically  funded  at  $10  million  to 
$40  million  over  four  years,  with 
one  program  manager,  five  to  10 
contracting  organizations  and 
two  universities  working  toward 
one  goal.  Although  a  new  project 
may  later  be  started  in  the  same 
area  as  one  that  has  ended,  it 
isn’t  an  extension  and  Hist  win 
approval  on  its  own  merits. 

According  to  DARPA,  pro¬ 
gram  managers  are  selected  to 
be  “technically  outstanding  and 
entrepreneurial,  freewheeling 
zealots  in  pursuit  of  their  goals.” 
And  senior  management  has 
protected  their  independence  to 
enable  them  to  investigate  ideas 
and  approaches  that  the  tradi¬ 
tional  R&D  community  finds  too 
outlandish  or  risky.  Aside  from 
the  requirement  that  taxpayer 
funds  are  used  responsibly, 
there  are  virtually  no  rules,  and 
failure  is  acceptable  if  the  poten¬ 
tial  payoff  is  high  enough. 

-  Kathleen  Melymuka 


FUTURE 

WATCH® 


i 


f 

I 


BOOK 


PETER  HftRBIHGTOH 
PLAY  TO  WIN? 


(©server 

Winning  with  e-commerce:  There’s  something  new  at  London’s  antiquarian  book  dealer  Peter 
Harrington.  They’re  selling  25%  of  their  volume  on  the  Web.  Their  platform?  The  easy-to-manage 
IBM  (©server  xSeries™  Select  xSeries  models  feature  the  Intel®  Xeon™  processor  to  give  you  superior 
performance  and  cost-effectiveness.  For  a  complimentary  IDG  report  on  how  growing  companies  are  using 
IT  to  advance  their  business,  go  to  ibm.com/eserver/peterharrington  (£*) fwsiri&s  is 


All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only  Costs  and  results  obtained  in  other  customer  environments  will  vary  depe 
on  individual  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Busin 
Intel,  the  Intel  Inside  logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  Other  company,  product  and  service  r 
or  service  marks  of  others.  ©2002  IBM  Corporation.  All  rights  reserved. 


(©server 


Linux’  ready  with  self-managing  features  for  every  e-business. 


Inter-based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 


UNIX*  /  pSeries™ 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries*' 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that's 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for  up 
to  99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Consolidate.  Cut  costs.  Be  available.  At  Nintendo,  games  are  a  highly  competitive  business.  So  they  look  for  any 
edge  they  can  get.  By  consolidating  their  core  business  applications  onto  one  IBM  (©server  iSeries,  Nintendo  now 
enjoys  near  100%  availability,2  and  expects  to  save  substantially  on  hardware  maintenance  and  software  costs.  For 
a  guide  on  server  consolidation,  head  to  ibm.com/eserver/nintendo  ess  is  l fa  <**/*£. 


’Requires  Parallel  Sysplex*  environment  2Excludes  scheduled  downtime.  All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in 
other  customer  environments  will  vary  depending,  among  other  things,  on  individual  customer  configurations  and  conditions.  IBM,  the  e-business  logo,  e-business  is  the  game.  Play  to  win.  iSeries,  pSeries.  xSeries,  zSenes 
and  Parallel  Sysplex  are  trademarks  or  registered  trademarks  ot  International  Business  Machines  Corporation  in  the  United  States  and-br  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds  Intel  is  a 
registered  trademark  ot  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  ot  The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or 
service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 


40 


CQMPUTERWQRLD  November  11, 2002 


TECHNOLOGY 


Stalkina  Elusive 


AccessPoints 


An  integrity  checker  reinforces  security 
walls,  but  rogue  APs  continue  to  open  holes 
from  within.  By  Mathias  Thurman 


Lately  tve  been  having 
a  problem  getting  Trip¬ 
wire  and  our  enterprise 
backup  software  to  work 
together. 

I  recently  purchased  the 
file-integrity-checking  soft¬ 
ware  from  Portland,  Ore.- 
based  Tripwire  Inc.  to  serve  as 
an  additional  security  layer 
after  recent  mergers  wreaked 
havoc  with  my  company’s 
intrusion-detection 
system  infrastructure. 

The  problem  in¬ 
volved  the  backup 
software’s  manipula¬ 
tion  of  file  attributes, 
which  in  turn  led 
Tripwire  to  generate 
false  alerts.  We  tweaked  the 
policy  files  as  a  work-around. 

That  problem  resolved,  I 
still  had  to  roll  out  the  Trip¬ 
wire  agents  to  all  of  our 
servers.  To  aid  in  the  distribu¬ 
tion  of  those  Tripwire  agents, 

I  created  a  Web  site  with  in¬ 
stallation  software  and  in¬ 
structions.  For  each  distribu¬ 
tion,  I  created  either  a  shell 
script  or  batch  file  that  auto¬ 
mates  the  installation  process 
on  our  Unix  and  Windows  NT 
servers. 

Now  when  we  direct  sys¬ 
tems  administrators  to  install 
these  applications  on  a  sys¬ 
tem,  we  can  point  them  to  the 
Web  site.  They  then  down¬ 
load,  extract  and  run  the  script 
or  batch  file,  and  the  software 
installs  itself  automatically. 
After  the  install  is  completed, 
the  administrator  contacts  the 
SecurlD  or  Tripwire  adminis¬ 
trator,  who  adds  the  resource 
to  the  appropriate  application 
management  console. 

Meanwhile,  my  efforts  to 
build  an  enterprise  wireless 
LAN  —  and  eliminate  unau¬ 


thorized  WLAN  installations 
companywide  —  seems  to 
take  a  new  twist  every  day.  I’m 
still  evaluating  products,  but 
my  shortlist  includes  Cisco 
Systems  Inc.’s  Aironet  hard¬ 
ware  and  San  Mateo,  Calif.- 
based  AirWave  Wireless  Inc.’s 
AirWave  Management  Plat¬ 
form  software. 

Unfortunately,  the  Cisco 
access  points  (AP)  don’t  sup¬ 
port  rogue  AP  de¬ 
tection,  and  the 
salesperson  says 
that  won’t  happen 
until  next  year.  Con¬ 
sidering  the  prob¬ 
lems  I’ve  been  hav¬ 
ing  with  users  in¬ 
stalling  unauthorized,  inse¬ 
cure  APs,  rogue  AP  detection 
is  high  on  my  list  of  desired 
features.  In  fact,  I  won’t  agree 
to  deploy  a  WLAN  infrastruc¬ 
ture  without  it. 

If  we  do  choose  Cisco,  it 
will  be  because  of  the  com¬ 
pany’s  market  position.  It’s 
financially  stable,  our  compa¬ 
ny  already  has  a  relationship 
with  it,  and  we  know  we  can 
count  on  Cisco  for  support. 

In  contrast,  the  other  compa¬ 
nies  we’ve  looked  at  are  all 


Rogue  AP  detection 
is  high  on  my  list 
of  features.  In  fact, 

I  won’t  agree  to 
deploy  a  WLAN 
infrastructure 
without  it. 


small  and  management  has 
been  reluctant  to  purchase 
equipment  from  them. 

Until  we  have  a  WLAN  sys¬ 
tem  with  rogue  AP  detection 
capabilities,  I’m  still  stuck 
finding  a  way  to  locate  those 
illegal  APs  I’ve  detected  in 
our  buildings.  These  APs  are 
configured  with  wide-open 
security  settings,  providing 
open  on-ramps  to  our  LAN 
infrastructure. 

I  detected  them  by  equip¬ 
ping  my  Compaq  iPaq  with  an 
AirMagnet  Handheld  PC  Card 
and  detection  software  from 
Mountain  View,  Calif. -based 
AirMagnet  Inc.  I  can  pick  up 
the  signals,  but  I  can’t  tell 
where  the  APs  are.  A  manage¬ 
ment  e-mail  demanding  the 
removal  of  these  devices 
seems  to  have  had  the  oppo¬ 
site  effect. 

Homemade  Tools 

My  initial  attempts  at  finding 
the  rogue  devices  via  some  of 
the  known  LAN  media  access 
control  (MAC)  addresses 
were  unsuccessful,  due  to 
some  outdated  wiring  closet 
maps.  So  I  decided  to  try  to 
pinpoint  the  locations  using 
wireless  technology.  AirMag¬ 
net  uses  an  omnidirectional 
antenna.  I  needed  a  direction¬ 
al  antenna  to  zero  in  on  the 
exact  source  of  the  signal.  Ini¬ 
tially  I  was  going  to  buy  one, 
but  after  hearing  from  readers, 
I  decided  to  try  making  one 
myself.  I  used  instructions  I 
read  in  Rob  Flickenger’s  web¬ 
log  ( www.oreillynet.com/cs/ 
weblog/view/wlg/448 ). 

Although  Flickenger  used  a 
Pringles  potato  chip  can,  I 
substituted  a  metal  tennis  ball 
can,  as  suggested  by  readers.  It 
didn’t  work.  I  assembled  the 
thing  as  instructed,  placed  a 
Cisco  Aironet  AP1200  in  an 
unoccupied  office  and  tried  to 
use  my  device  to  home  in  on 
the  signal.  The  readings  were 


inconsistent.  So  much  for  sav¬ 
ing  money. 

Purchasing  a  commercial  di¬ 
rectional  antenna  could  be  my 
next  step,  but  it  may  be  more 
efficient  to  find  these  APs  by 
using  the  LAN  MAC  addresses 
and  tracing  those  back  through 
our  Cisco  switches  to  the  local 
wall  jack.  This  should  at  least 
work  in  those  building  areas 
where  I  have  accurate  wiring 
maps.  But  the  APs  have  both 
radio  and  LAN  MAC  address¬ 
es,  which  differ  from  each  oth¬ 
er,  and  I  can  detect  only  the  ra¬ 
dio  address.  I  need  some  way 
to  match  up  that  radio  address 
to  the  LAN  MAC  address  I  can 
see  on  the  switches. 

I  thought  I  found  a  way  to  do 
this.  The  first  three  octets  (24 
bits)  of  any  MAC  address  form 
the  organizationally  unique 
identifier  (OUI).  By  looking  up 
this  number  in  an  IEEE  Web 
site  registry,  you  can  determine 
the  AP  manufacturer’s  name. 
That  should  have  made  discov¬ 
ering  an  AP’s  LAN  address  eas¬ 
ier,  since  the  vendor  name  on 
the  radio  and  LAN  MAC  ad¬ 
dresses  should  be  the  same  — 
and  the  vendors  of  the  con¬ 
sumer-grade  rogue  APs  most 
likely  will  differ  from  those  of 
our  regular  LAN  hardware. 

Unfortunately,  I  discovered 
that  the  vendor’s  name  may 
not  be  the  one  that  appears  on 
the  OUI,  and  even  the  OUI 
names  in  the  radio  and  LAN 
MAC  addresses  can  differ.  I 
experimented  with  an  AP  from 
Rockville,  Md.-based  3e  Tech¬ 
nologies  International  Inc. 
After  querying  the  IEEE  data¬ 
base,  I  discovered  that  the  ra¬ 
dio  OUI  was  registered  to  one 
Taiwanese  company  and  the 
LAN  OUI  to  another.  Neither 
identified  3e  Technologies. 

So,  has  anyone  got  a  better 
idea?  I  welcome  your  com¬ 
ments  in  the  security  forum.  > 


WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman," 
whose  name  and  employer  have  been 
disguised  for  obvious  reasons.  Contact  him 
at  mathiasJhurman@yahoo.com,  or  join  the 
discussion  in  our  forum: 

QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

©  computerworld.com/secjournal 


SECURITY 
MANAGER’S 
JOURNAL a 


www.computerworld.com 


SECURITY  LOG 


Security  Bookshelf 


■  Network  Intru¬ 
sion  Detection 
(3rd  Edition),^ 
Stephen  Northcutt 
and  Judy  Novak; 
New  Riders  Pub¬ 
lishing,  2002. 


Network  Intrusion 
Detection 


Anyone  who’s  had 
the  pleasure  of  attending 
one  of  Stephen  Northcutt’s 
SANS  Institute  classes  will  find 
this  book’s  approach  quite  fa¬ 
miliar.  Northcutt  gives  the 
reader  enough  information  to 
hit  the  ground  running  with  the 
TCPdump  and  Snort  intrusion- 
detection  tools.  He  offers  ex¬ 
amples,  screen  dumps  and 
techniques  to  run  a  network 
intrusion-detection  system 
(IDS).  Although  the  author 
focuses  on  using  the  Snort  util¬ 
ity,  the  concepts  apply  to  any 
network-based  IDS.  This  book 
is  a  must-have  for  any  security 
practitioner’s  reference  set. 

-Mathias  Thurman 


Firewall  Informant 

Blade  Software  Inc.  in  San 
Francisco  has  released  Fire¬ 
wall  Informer,  a  tool  for  test¬ 
ing  firewall  security.  The  Win¬ 
dows-based  software  can 
perform  stateful,  bidirectional 
testing  of  firewall  configura¬ 
tions.  It  sells  for  $2,000  per 
user,  and  per  firewall. 


Traffic  Report 


Check  Point  Software  Tech¬ 
nologies  Ltd.  in  Redwood  City, 
Calif.,  has  announced  Smart- 
View  Reporter  and  SmartView 
Monitor,  software  that  watch¬ 
es  Internet  traffic  for  greater 
security  analysis.  Reporter, 
priced  starting  at  $2,000,  lets 
security  managers  sift  through 
data  in  multiple  gateways  in  a 
company  using  customizable 
and  automatic  reports.  Moni¬ 
tor  offers  real-time  informa¬ 
tion  about  performance,  avail¬ 
ability  and  virtual  private  net¬ 
work  (VPN)  and  firewall  secu¬ 
rity.  Monitor  offers  a  graphic 
display  of  200  performance 
measures  and  a  real-time 
analysis  of  bandwidth  and 
latency  across  VPN  links. 


Who's  to  say  one  backup  technology  is  better  thar 
How  about  the  leading  OEMs  who  offer  it 


The  top  manufacturers  continue  to  adopt  Travan"  technology  for  entry-level  server  backup.  You'll  say  the  same 
thing.  Because  no  other  tape  backup  solution  compares  to  Travan  technology  s  combination  of,  capacity,  cost-efficiency 
and  dependability.  Consider  the  new  Travan  40  data  cartridge.  Offering  up  to  40GB  capacity,  it  gives  growing 
businesses  plenty  of  flexibility  and  a  clear  migration  path.  And  the  only  thing  as  stable  as  Travan  technology  is  its 
future.  Travan  technology  is  everything  you’d  expect  from  a  company  witht  50  years  of  tape  storage  expertise.  If  ybu 
have  questions,  answers  await  at  www.imation.com/travan 

©Imation  2002.  Imation  the  Imation  logo,  Travan  and  the  Travan  logo  are  trademarks  of  Imatid^H 


VAN 


42  COMPBTERWORID  November  11,  2002 


TECHNOLOGY 


www.computerworld.com 


Brio  Software 
Launches  Business 
Intelligence  Suite 


Last  week,  Santa  Clara,  Calif.- 
based  business  intelligence  appli¬ 
cations  provider  Brio  Software 
Inc.  announced  its  Brio  Perfor¬ 
mance  Suite  8.  The  product  of¬ 
fers  a  consistent  interactive  user 
interface  across  all  its  tools,  as 
well  as  integrated  reporting  and 
business  intelligence  features. 
Pricing  starts  at  $150,000  for  the 
entire  suite.  The  software  will  be 
generally  available  next  month. 


Cisco  Offers 
Ethernet  Switch 
Upgrade 

Cisco  Systems  Inc.  last  week  an¬ 
nounced  the  Cisco  Catalyst  2950 
Long-Reach  Ethernet  Switch  to 
provide  networkwide  intelligence 
such  as  quality  of  service,  net¬ 
work  availability  and  network 
security  over  existing  telephone 
lines  for  small  and  midsize  busi¬ 
nesses  and  multitenant  buildings. 

Long-Reach  Ethernet  switching 
has  been  available  for  18  months, 
providing  bandwidth  of  2M  to 
15M  bit/sec.  over  existing  copper 
wiring  for  up  to  5,000  feet.  The 
new  2950  adds  Layer  3  and  4 
network  intelligence  features. 
Pricing  for  an  eight-port  switch  is 
$1,895  and  for  a  24-port  switch 
is  $4,495.  Both  are  scheduled  to 
become  available  next  month. 


Trucker  Converts 
Vehicles  to  Aether 
MobileMax 

Owings  Mills,  Md. -based  Aether 
Systems  Inc.  has  announced  that 
carrier  J&R  Schugei  Trucking  Inc. 
in  New  Ulm,  Minn.,  has  equipped 
its  entire  fleet  of  600  trucks  with 
the  Aether  MobileMax  system  for 
wireless  vehicle  tracking  and 
messaging.  The  MobileMax  sys¬ 
tem  transmits  dispatch  and  data 
messages  and  Global  Positioning 
System  reports.  It  also  provides 
data  on  state-line  crossings, 
vehicle  fault  codes  and  driver 
performance. 


NICHOLAS  PETRELEY 


PHP  and  Python 
Hit  Prime  Time 


IT’S  STRANGE  TO  SAY  that  PHP  (Hypertext  Pre¬ 
processor)  has  only  recently  reached  the  point 
where  it’s  ready  for  prime  time,  since  PHP  is 
already  the  most  popular  Apache  module,  run¬ 
ning  on  almost  10  million  domains  (over  a  mil¬ 
lion  IP  addresses). 


Nevertheless,  I’ve  had 
some  reservations  about 
PHP  until  recently,  espe¬ 
cially  with  respect  to  po¬ 
tential  security  holes.  Then 
I  downloaded  and  installed 
the  latest  version  of  FUD- 
forum,  an  open-source 
PHP-based  Web  discussion 
forum  package  I  use  for  my 
nonprofit  Web  site,  Var- 
Linux.org.  You  can  get  an 
idea  of  what  FUDforum 
looks  like  by  visiting  www. 
varlinux.org/forum.  But  what  you 
should  really  examine  is  the  PHP  code 
behind  FUDforum,  which  you  can 
download  from  http://fud.prohost.org. 

At  some  point  when  I  wasn’t  look¬ 
ing,  PHP  matured  to  a  point  where  one 
could  easily  avoid  the  security  holes 
that  plagued  some  old  PHP  programs. 
This  is  especially  true  if  you  take  an 
object-oriented  approach  to  building 
your  PHP  applications. 

Another  good  example  of  high-qual¬ 
ity  PHP  programming  is  php WebSite 
( http://phpwebsite.appstate.edu ),  a 
Web  content  management  system  with 
several  good  snap-in  expansion  mod¬ 
ules,  including  one  that  lets  you  create 
e-mail  accounts  for  CommuniGate 
Pro,  an  increasingly  popular  drop-in 
replacement  for  Microsoft  Exchange. 
The  CommuniGate  Pro  e-mail  and 
groupware  server  ( www.stalker.com ) 
has  a  built-in  Web  interface  for  e-mail 
that  you  can  integrate  into  the  site  you 
manage  with  php  WebSite. 

The  only  thing  I  haven’t  yet  seen 


done  well  in  PHP  is  an 
open-source  Web-based 
groupware  application.  Ya¬ 
hoo  did  a  pretty  good  job 
designing  its  Web-based 
calendar  ( http://calendar : 
yahoo.com ).  It  even  allows 
you  to  synchronize  your 
data  with  a  Palm  device. 
But  most  IT  departments 
are  going  to  want  to  host 
their  own  calendars  and 
groupware,  and  if  there’s 
anything  that’s  been  done 
in  PHP  that  is  of  comparable  quality  to 
what  Yahoo  came  up  with,  I  haven’t 
found  it.  There  is  at  least  one  decent 
commercial  offering,  Internal  Affairs 
( www.internalaffairs.de/en/ ),  and  sev¬ 
eral  open-source  projects  are  in  the 
works,  a  promising  one  being  PHProj- 
ekt  ( www.phprojekt.com ).  But  none  of 
the  ones  I’ve  tried  exploit  the  maxi¬ 
mum  potential  of  the  PHP  platform. 

Love  That  Python 

Of  course,  there’s  more  to  life  than 
PHP.  One  of  my  favorite  programming 
languages  is  Python  ( www.python.org ). 
It  seems  I  don’t  go  a  week  these  days 
without  someone  asking  me  what  I 
know  about  Python,  so  it  seems  to 
be  gaining  quite  a  following  in  main¬ 
stream  IT. 

Admittedly,  Python  is  a  love-it-or- 
hate-it  language,  but  those  who  love  it 
claim  to  be  far  more  productive  than 
with  any  other  language.  Being  on  the 
love-it  end  of  the  spectrum,  I’d  argue 
that  it’s  a  well-founded  claim. 


But  Python  hasn’t  gotten  much  past 
the  promising  stage  for  Web  applica¬ 
tions  development.  Until  recently, 
Webware  has  been  the  best  choice  for 
Python  programmers  (http://webware. 
sourceforge.net/).  Webware  is  very 
nicely  done,  but  its  one  weakness  is 
that  you  need  to  run  a  Python-based 
application  server  in  parallel  to  your 
Web  server.  In  contrast,  PHP  inte¬ 
grates  directly  into  the  Apache  Web 
server  through  a  plug-in  module. 

There’s  nothing  inherently  wrong 
with  the  Webware  approach,  but  it  is 
difficult  to  tell  how  much  overhead 
Webware  will  add  to  your  applica¬ 
tions.  Webware  simply  hasn’t  been 
around  the  block  as  many  times  as 
comparable  Java-based  application 
servers. 

Spyce  is  a  newcomer  to  the  Python 
Web  applications  approach,  and  it  may 
not  only  push  Webware  off  the  map,  it 
could  also  eventually  give  PHP  a  nm 
for  its  money  (http://spyce. source- 
forge. net).  Spyce  lets  you  embed 
Python  code  into  your  HTML  in  basi¬ 
cally  the  same  way  you  would  if  you 
used  Webware  and  Python  Server 
Pages.  But  Spyce  doesn’t  need  a  sepa¬ 
rate  application  server  to  work.  Spyce 
piggybacks  off  the  Python  or  fast-CGI 
modules  available  for  Apache. 

I  haven’t  done  much  more  than  a 
few  minor  exercises  with  Spyce,  but 
so  far  I’m  extremely  impressed.  The 
library  of  Web  features  for  session 
management,  cookies,  forms,  pooled 
variables  and  other  Web  applications 
goodies  makes  it  surprisingly  easy  to 
toss  together  a  prototype  to  see  if  it’s 
worth  using  for  your  next  project.  If 
you  even  have  a  passing  interest  in 
Python,  I  recommend  that  you  give 
Spyce  a  look,  k 

WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to: 

www.computerworld.com/opinions 


c  Si 


Gateway  Profile  4l 

15"  TFT  LCD  Display  •  Intel®  Pentium®  4  Processor  2.00GHz  *  128MB 
DDR-SDRAM  •  40GB  Ultra  ATA  Hard  Drive  •  Integrated  10/100 
Ethernet  *  Integrated  Stereo  Speakers  •  Integrated  32MB  NVIDIA® 
GeForce2'  MX 400  •  Intel®  LANDesk®  Client  Manager  Software  6.3 
Microsoft®  Windows®XP  Professional  *  3-Year  Limited  Warranty’ 

51499 


Gateway  e-6000 

Intel®  Pentium®  4  Processor  2.00GHz  •  256MB  RDRAM  •  40GB 
Hard  Drive  •  32MB  NVIDIA®  GeForce2™  MX200  AGP  Graphics  •  48X 
CD-ROM  •  Integrated  10/100  Ethernet  •  Intel®  LANDesk®  Client 
Manager  Software  6.3  •  Microsoft®  Windows®XP  Professional 
51289  Upgrade  to  a  17”  flat-panel  display,  for 


i 


■rJy* 


Twenty-four  hours  a  day.  Seven  days  a  week.  Gateway's  new  computers  are  wearing  a  power  suit. 
Because  not  only  do  they  look  sharp,  they  also  exhibit  the  performance  and  versatility 
your  business  needs  in  a  network  PC.  With  their  stable  platforms  and  Intel®  Pentium4  4  processors, 
Gateway's  computers  are  easy  to  maintain,  easy  to  upgrade  and  even  easy  on  the  budget. 


A  better  way. 


pentium  Zf 


Goto  gateway.com  or  call  1-888-203-4557 

.  ■  '  ..*/*”’  • 

■..i:  AOL  Keyword: Gateway 


Gateway  recommends  Microsoft®  Windows@XP  Professional  for  Business, 


*  7  'j 


PRODUCED  1) 


COMPUTERWORLD 

CUSTOM  PUBLISHING 


ENDORSED  BY 

^2snia 


www.  snwonline .  com/300 


Finding  the  T  in  TCO 

Calculating  the  total  cost  of  ownership 
for  desktop  systems  is  becoming  a  tricky 
task,  as  workers’  desktops  often  comprise 
more  than  just  a  PC.  IT  departments 
must  now  figure  in  costs  associated  with 
laptops,  PDAs,  cell  phones  and  wireless 
service  connections.  Page  48 


A  Squeezed  Supplier  Never  Forgets 

Anyone  can  cut  supplier  costs  in  a  buyer’s 
market.  Suppliers  expect  you  to  play  hard¬ 
ball,  demanding  significant  price  cuts. 

But  don’t  squeeze  too  hard.  It’s  bound  to 
leave  your  suppliers  angry  and  waiting  for 
revenge,  advises  columnist  Bart  Perkins. 
Page  52 


QUOTE  OF  THE  WEEK 

CIOs  have  become  very  risk-averse _ The 

best  way  to  not  have  things  blow  up  is  to 
not  put  new  things  in  the  mix.  There’s  a  challenge 
for  CIOs  to  move  to  being  focused  on  how  tech¬ 
nology  can  help  . . .  major  business  initiatives. 

-  John  Hagel  III,  consultant  and  book  author,  on  the  reluctance 
of  investing  in  Web  services.  Page  52 


I 


Mimi  moran’S  IT  client  services  group 
handles  all  the  moves,  adds  and 
changes  for  hardware  and  software  at 
the  Framingham,  Mass.,  offices  of 
Genzyme  Corp.,  a  biotech  company. 
All  51  people  in  the  group  have  badges 
that  allow  access  to  Genzyme  buildings,  offices,  cafe¬ 
teria,  closets  and  cubicles.  They  all  use  passwords  to 
roam  through  the  corporate  intranet  and  most  sys¬ 
tems.  But  30  of  them  aren’t  Genzyme  employees  at 
all.  They’re  contractors  from  Siemens  Business  Ser¬ 
vices  Ltd.  in  Berkshire,  England. 

Moran,  director  of  IT  client  services,  makes  virtu¬ 
ally  no  distinction  between  her  Genzyme  and  Sie¬ 
mens  employees.  “If  you  deny  them  access  to  your 
business  and  your  systems  and  then  ask  them  to  han¬ 
dle  the  technology,  how  are  they  going  to  do  it?”  she 
asks.  “We  don’t  make  a  distinction.  It’s  a  trust  thing.” 

Some  would  say  Moran  is  asking  for  trouble.  “A 
manager  who  says  vendors  are  part  of  the  team  has 
drunk  the  Kool-Aid,”  says  Phil  Bode,  director  of  train¬ 
ing  at  International  Computer  Negotiations  Inc.,  an 
IT  procurement  consulting  firm  in  Winter  Park,  Fla. 

Bode  says  vendor  services  people  are  also  infor¬ 
mation  gatherers  who  learn  everything  they  can 
about  customer  operations  and  report  it  back  to  their 
vendor  employer. 

“Vendors  are  in  business  to  make  money  and  to 
grow  sales,”  says  Larry  Graham,  vice  president  of 
IT  vendor  management  at  San  Mateo,  Calif.-based 
Inovant,  a  transaction-processing  subsidiary  of  Visa 
International  Inc.  “On  average,  they  will  do  whatever 


is  ethically  reasonable  to  help  them  do  that.” 

“If  vendors  are  on  the  premises,  and  they  hang 
around  and  drop  in  on  meetings  and  talk  to  people, 
they’ll  know  far  more  than  they  should  know  about 
future  projects,  and  that  gives  them  an  advantage 
in  negotiations”  for  future  contracts,  agrees  Dave 
Weidenfeld,  managing  counsel  for  McDon¬ 
ald’s  Corp.  in  Oak  Brook,  Ill. 

What  goes  on  in  your  company  is  your 
company’s  business,  Graham  adds,  and 
the  more  inside  information  a  vendor 
gains,  the  less  control  you  have  over  the 
relationship  and  the  more  the  vendor 
can  use  that  information  to  procure  ad¬ 
ditional  work  or  freeze  out  competitors. 

“Too  much  information  becomes  like  a 
loose  cannon,”  Graham  says.  “Where 
will  it  go  and  how  will  it  be  used?  You 
don’t  know.” 

Are  the  vendors  in  your  ranks  trusted 
allies  or  corporate  spies?  Do  you  trust  in 
their  good  intentions,  share  information  and 
access  privileges  and  work  as  a  team,  or  keep 
them  at  arm’s  length,  batten  down  the  hatches  and 
accept  the  productivity  trade-off?  “There  is  a  risk 
that  if  you  bring  people  in,  they’re  going  to  learn 
things,”  says  Weidenfeld.  “You  trade  that  for  in¬ 
creased  productivity  or  more  effective  project  work.” 

“This  is  an  especially  big  issue  as  more  and  more 
companies  look  at  their  core  competencies  and  real¬ 
ize  they  need  to  partner  for  things  they  don’t  excel 
in,”  says  Andrew  Shimberg,  an  analyst  at  The  Con- 


KNOW 

PART 

Including  vendors  on  IT  teams  bolsters  project  expertise 
but  at  the  risk  of  exposing  far  too  much  inside  information. 
Here’s  how  to  get  the  most  out  of  trusted  allies  while  foiling 
corporate  spies.  BY  KATHLEEN  MELYMUKA 


48  COMPUTERWORLD  November  11, 2002 


MANAGEMENT 


cours  Group,  a  consulting  firm  in  Kingwood,  Texas. 

Bode  says  every  vendor  wants  to  know  three 
things:  What’s  your  budget?  When  do  you  need  to 
start  and  stop?  And  who’s  going  to  make  the  decision? 
“If  I  can  get  any  of  that  for  an  upcoming  project,  I 
can  circumvent  the  procurement  process,”  he  says 
(see  “Cons”  box  below). 

Some  clients  make  it  easy.  “We  give  them  keys  to 
the  company  store,”  Bode  says.  A  vendor  with  access 
to  the  physical  plant  might  see  charts  about  upcom¬ 
ing  projects  on  bulletin  boards;  information  about 


budgets,  timelines  and  project  leads  on  conference 
room  whiteboards;  or  data  left  carelessly  on  a  desk¬ 
top  or  even  on  a  PC  screen. 

An  unscrupulous  vendor  could  even  nose  around 
after  everyone  has  left  for  the  day.  “Many  of  our  peo¬ 
ple  came  from  that  side,  and  we  know  that  this  hap¬ 
pens,”  Bode  says. 

Vendors  disagree.  “This  is  the  first  I’ve  heard  of 
this  tactic  by  any  vendor,”  says  Jonathan  Thompson, 
a  spokesman  for  the  Software  &  Information  Indus¬ 
try  Association  in  Washington.  “I  find  it  hard  to  be¬ 
lieve  that  a  supplier  company  would  risk  losing  the 
client’s  loyalty  and  continued  support  through  unsa¬ 
vory  tactics.” 

Bode  stresses  that  he’s  not  questioning  the  ethics 
of  the  industry.  “We  don’t  think  all  vendors  are  un¬ 
scrupulous,”  he  says,  “but  information  is  power,  and 
we  want  a  fair  deal.” 

Ethical  or  not,  vendors  ought  to  be  treated  with 
care,  says  Gopal  K.  Kapur,  president  of  the  Center  for 
Project  Management,  a  consulting  firm  in  San  Ra¬ 
mon,  Calif. 

“When  people  walk  around,  they  listen  and  see 
and  learn,  and  they’re  going  to  use  it,”  Kapur  says. 

But  there  are  undeniable  benefits  from  giving  on¬ 
site  vendors  access.  “If  they’re  doing  tech  services 
like  a  help  desk  inside  IT,  that’s  enabling  to  the  busi¬ 
ness,”  says  the  Concours  Group’s  Shimberg.  “You 
need  to  integrate  the  help  desk  process  with  your 
other  processes,  which  should  also  be  integrated 
with  the  business.  If  you  keep  that  at  arm’s  length, 
it  will  feel  that  way  to  business  customers  as  well.”  > 


Melymuka  is  a  Computerworld  contributing  writer. 
Contact  her  at  kmelymuka@earthlink.net. 


VENDOR  ACCESS  TIPS 

about  vendor  access  issues  now,  and  develop 
a  framework  flexible  enough  to  accommodate  various 
jobs  and  vendor  relationships. 

access  details  on  a  case-by-case  basis  during 
contract  negotiations. 

EMiCAT  employees  at  all  levels  about  physical, 
virtual  and  verbal  security  issues. 

a  “need  to  know”  policy  -  and  use  it. 

future  plans  or  budgets  with  vendors. 

the  access  vendors  have  to  the  physical  plant; 
escort  them  if  necessary. 

.  NEVER  ALLOW  access  to  nontechnical  vendors. 

the  areas  vendors  can  enter.  Make  sure 
there  are  no  project  plans,  budget  figures  or  other 
future-oriented  information  on  walls  or  whiteboards. 

a  policy  about  accepting  vendor  gifts, 
lunches  or  invitations  to  play  golf  and  the  like. 


A  TRUSTING  RELATIONSHIP 
BRINGS  RESULTS 


CONS 


THE  VENDOR  THAT 
KNEW  TOO  MUCH 


“I  treat  my  Siemens  manager  the  way  I 
S™  IS  treat  my  Genzyme  manager,”  says  Mimi 

Moran,  director  of  IT  client  services  at  Gen¬ 
zyme.  “I  don’t  make  the  distinction  that  he  works  for 
someone  else;  he  works  for  me.” 

The  30  Siemens  workers  in  her  51-person  client  ser¬ 
vices  group  go  through  Genzyme’s  orientation.  They 
have  the  same  unfettered  physical  and  virtual  access  as 
most  Genzyme  employees  so  they  can  repair  and  deliver 
equipment  to  desktops  throughout  the  company.  They 
eat  at  the  cafeteria  and  attend  IT-sponsored  events. 

Recently,  the  CIO  decided  to  give  IT  personnel  a 
denim  shirt  with  a  newly  developed  IT  logo.  “We  were 
going  to  put  a  little  ‘Genzyme’  on  some  and  ‘Siemens’ 
on  the  others,  but  the  CIO  said,  ‘No,  everybody  is  IT,’  ” 
Moran  recalls. 

“We  will  trust  them  to  perform  just  like  everybody  in 
the  organization,"  she  says.  “We  don’t  hold  things  back." 

It  seems  to  be  working.  When  the  group  started  the 
engagement  three  years  ago,  it  had  a  customer  satisfac¬ 
tion  rating  of  3.8  on  a  scale  of  5.  Today,  it’s  more  than 
4.4.  “I  know  it’s  business,  but  they  do  an  awful  lot  for  us 
because  we  have  a  good  relationship,”  Moran  says.  “If 
we  didn’t,  would  they  go  that  extra  mile?” 

-  Kathleen  Melymuka 


Once,  while  working  on  a  project  for  a  client, 
Phil  Bodes  International  Computer  Negotia¬ 
tions  IT  team  was  doing  preliminary  planning 
for  a  wide-area  network.  “We  were  trying  to  figure  out  how 
to  do  it,”  he  recalls.  “There  were  charts  up  on  the  wall.” 

An  employee  of  the  company’s  long-distance  carrier 
who  had  access  to  the  facility  came  in  and  saw  the  charts. 
“He  knew  the  timeline,  and  he  got  a  pretty  good  idea  of 
the  budget  from  talking  to  people,"  Bode  says.  With  this 
information,  the  vendor  put  together  a  proposal,  and  the 
sales  rep  approached  the  CIO,  a  golfing  buddy.  He  talked 
the  CIO  into  awarding  his  company  the  contract  rather 
than  following  the  reguest-for-proposals  (RFP)  process. 

Inside  information  and  a  too-friendly  relationship  with 
the  CIO  enabled  the  vendor  to  circumvent  and  control 
the  customer’s  procurement  process,  and  things  went 
downhill  from  there.  Because  there  was  no  RFP,  the 
project  requirements  were  never  nailed  down  properly. 
Because  multiple  bidders  weren’t  heard  from,  no  new 
ideas  or  approaches  were  considered,  and  there  was  no 
competition  over  price.  “It  was  over  time  and  over  bud¬ 
get,  and  we  wound  up  spending  more  in  service  charges 
each  month  than  we  thought  we  would,”  Bode  recalls.  “It 
was  one  of  the  worst  projects  I  ever  saw.” 

-  Kathleen  Melymuka 


www.computerworld.com 


FINDING  A  HAPPY  MEDIUM 

The  key  is  to  find  a  balance  in  building  a  relationship 
with  a  vendor,  says  Tony  Romero,  CIO  at  Mitsubishi 
Motor  Sales  of  America  Inc.  in  Cypress,  Calif.  “We 
make  our  vendors  part  of  the  project  team,”  he  says. 

“We  give  them  access  to  whatever  they  need  to  do  the 
project  -  not  access  to  the  whole  world,  but  access.” 

That  means  they  attend  project  meetings,  work  side 
by  side  with  Mitsubishi  people  and  sometimes  even 
have  desks.  But  their  access  to  the  building  is  restrict¬ 
ed  to  certain  areas,  and  security  personnel  know 
when  they  come  and  go.  Their  access  to  systems  is 
also  limited.  “They  get  access  only  to  what  they  need 
to  do  a  project,”  Romero  explains.  “They  might  have 
access  to  one  specific  server  or  to  one  specific  appli¬ 
cation  on  a  server.” 

Romero’s  IT  staffers  also  make  a  distinction.  “Our 
people  are  very  careful  about  talking  with  vendors,”  he 
says.  “They  treat  them  as  team  members,  but  they  re¬ 
member  they  are  still  vendors.” 

Romero’s  approach  shows  that  managing  vendors 
on-site  isn’t  rocket  science,  but  it  does  require  some 
thought,  which  isn’t  always  a  given.  “The  majority  of 
companies  don’t  even  think  about  what  access  should 
be  given,”  says  Gopal  K.  Kapur,  president  of  the  Cen¬ 
ter  for  Project  Management. 

A  good  time  to  think  about  it  is  while  negotiating  the 
contract  with  the  vendor,  says  Genzyme’s  director  of 
IT  client  services,  Mimi  Moran.  As  you  discuss  in  detail 
what  vendors  will  do,  you  can  also  define  the  access 
they  will  need.  Larry  Graham,  a  vice  president  at  Ino- 
vant,  suggests  asking  a  simple  guiding  question  about 
vendor  access,  such  as,  Why  do  you  need  that? 

Dave  Weidenfeld,  managing  counsel  for  McDonald’s, 
says  his  company  sometimes  goes  a  step  further  to  al¬ 
lay  suspicion  that  a  vendor  is  feathering  its  nest.  “We 
have  a  contract  that  effectively  says  while  they’re  here, 
they  cannot  solicit  new  business”  with  us,  he  says. 

But  vendor  access  is  only  half  the  issue.  “Compa¬ 
nies  need  to  orient  their  own  team  members  on  secu¬ 
rity,”  Kapur  says.  For  example,  what  type  of  meeting 
do  you  invite  vendors  to  attend?  Who  gets  to  sit  in  on 
budget  meetings  in  which  you  discuss  next  year’s 
plans?  Do  your  employees  leave  sensitive  information 
on  their  desks  or  accessible  on  their  PCs?  Does  your 
CIO  know  what  not  to  talk  about  when  meeting  with  a 
vendor  exec?  “A  vendor  may  simply  ask,  ‘What  are 
your  plans  for  next  year?’  and  if  someone  blurts  it  out, 
it’s  gone,”  Kapur  says. 

Kapur  also  includes  a  security  protocol  item  in 
every  project  charter.  That  makes  it  a  point  of  discus¬ 
sion  and  forces  the  team  to  think  about  it  before  the 
project  begins.  “You  don’t  get  people  in  a  plane  and  do 
security  checks  at  30,000  feet,”  he  says.  “You  do  it 
before  you  take  off." 

-  Kathleen  Melymuka 

HWe  make  our  vendors 
part  of  the  project 
team.  We  give  them  access 
to  whatever  they  need  to  do 
the  project  -  not  access  to 
the  whole  world,  but  access. 

TONY  ROMERO,  CIO,  MITSUBISHI  MOTOR  SALES 
OF  AMERICA  INC. 


„  =- 


Systems 


if  ,ftaStHY  strxi  a«»fafc*tv  SJ* 

Sm  bu$*>t$$  Sfiicei 

■  <*Smj  »  ej^Wf  ***fwn 

■  Me^^of^wel, 

■  avvgre 

1  soitms.  Co*»v«*  proves 
I  ttutt ffSYrtshtteR&t 
I  cm> r&wm*  **  system  snu 
I  database  MCftP  srd 
J  reccvtey.  d&est0  seccvety. 

[  fseMrehfcsfJior*^ 
f  merogmeet,  #CW«8  »w 

!  ti$am&»bco 

OP rocbrtWo 
0  Request  WO 


l  iconimV#iBSysJ«nsto<.  I 

ms£X%Z££  t»»3 

.  ^  tKjrf  unsur#  tw 


*>  mkmKI.  mow  - - 

Biiver’s  Guid( 

_£T^^y3”'  Sgsr1^ 


[ocafated  OWiUBuy^W** 


Newest  V«»dw» 


^  . 

Computer  Associates  International  Inc. 

CA  un^seands  me  WdWXtoi* 

we  *e  (ocuinfl  mere  than  ever  before  c*i  delving  the  scftw«e 

CtteyxY  CRM 

O  Product  *>to 


. 


Fast. 


Now  there’s  one  convenient  place  where 
you  can  go  to  quickly  find  the  vendors 
you  need  to  do  your  job  - 
computerworld.com/bg. 

This  comprehensive  online  directory 
makes  it  easy  to  identify  all  the  players 
that  are  doing  cutting-edge  work  in  secu¬ 
rity,  storage,  supply  chain,  CRM,  ERP, 
mobile/wireless,  networking  and  more. 

So  no  matter  what  technology  challenge 
you’re  facing,  you’ll  be  able  to  locate  the 
vendors  that  can  help  you  face  it. 
Computerworld’s  Buyer’s  Guides  deliver 
them  all:  Vendors  that  can  plan  IT, 
implement  IT,  test  IT,  support  IT. 


COMPUTERWORLD 


bumruitnnuiau  ^  *  -g 

Buyers  Guides 

www.computerworld.com/bg 


i&rigi 


COMPUTERWORLD  November  11, 2002 


MANAGEMENT 


www.computerworld.com 


ocket  computers  inc.  recently 
helped  a  beer  distributor  integrate 
handheld  computers  into  a  customized 
back-office  system  so  that  salespeople 
on  the  road  could  log  orders  into 
servers  at  the  main  office. 

As  Rocket  Computers’  consultants  put  together 
the  numbers,  they  tried  to  consider  everything  that 
would  go  into  the  client’s  budget.  They  analyzed  the 
costs  of  different  handheld  models,  monthly  service 
fees,  modems,  servers,  software  and  training  —  and 
found  that  the  smallest  details  add  up  fast. 

“When  you’re  looking  at  a  project  driven  by  a 
$2,300  PalmPilot  device  ...  if  we  get  a  hundred  of 
them,  now  we’re  looking  at  a  quarter-million  dollars. 
But  then  there’s  another  $10,000  in  cables,  $5,000  in 
modems,  then  money  for  training  and  service,”  says 
Roberto  Villanueva,  president  of  Rocket  Computers 
in  Swampscott,  Mass.  “Then  your  quarter-of-a-mil- 
lion  dollars  is  fast  approaching  a  half-million  dollars.” 

Calculating  total  cost  of  ownership  (TCO)  is  rarely 
a  straightforward  task,  regardless  of  the  technology 
involved.  But  figuring  TCO  for  desktops  has  become 
particularly  tricky  in  recent  years,  as  systems  have 
evolved  to  include  much  more  than  PCs.  Now  IT 
departments  must  figure  in  costs  associated  with 
laptops,  personal  digital  assistants  (PDA),  cell 
phones  and  wireless  service  connections. 

“Just  trying  to  determine  what  goes  into  a  total 
cost  of  ownership  can  have  you  banging  your  head 
against  the  wall.  Everybody  has  a  different  opinion 
about  what  [a  desktop  system]  is,”  says  Charles  Rus¬ 


Adding  It  Up 

LAPTOP 

PDA 

PHONE 

ACQUISITION 

$2,200 

$600 

$200 

TCO 

$12,300 

$2,700 

$1,369 

INVESTMENT 

LIFE 

3-4  YRS. 

24M0S. 

18M0S. 

SOURCE:  GARTNER  INC. 

BASE:  AVERAGE  OF  100 1  1 

MOBILE  USERS,  THREE 
YEARS.  100  LAPTOPS 

.  2002 

BASE:  AVERAGE  OF  100  MOBILE1 
USERS,  THREEYEARS, 

REPLACED  TWICE 

sell,  chief  of  digital  archives  at  the  U.S.  Army  Re¬ 
serve  in  Fort  McPherson,  Ga.  “You’ve  got  to  look  at  a 
million  different  items.” 

The  Reserve,  Russell  says,  does  a  complete  life- 
cycle  cost  analysis  before  rolling  out  new  technology. 
That  analysis  covers  factors  ranging  from  the  cost  to 
deploy  the  technology  to  the  salaries  for  the  contrac¬ 
tors  who  will  support  it.  One  recent  analysis  includ¬ 
ed  about  120  categories  that  required  a  38-page 
spreadsheet. 

As  the  old  saying  goes,  the  devil  is  in  the  details. 
That’s  where  companies  often  overlook  numerous 
small  costs,  such  as  cables,  modems  and  training, 
that  can  significantly  add  to  a  desktop  system’s  TCO. 

“They  tend  to  do  good  with  the  direct  costs,”  notes 
Ian  Campbell,  president  of  Nucleus  Research  Inc.  in 
Wellesley,  Mass.  “It’s  when  it  gets  more  intangible 
that  they  tend  to  forget  about  it.” 


■ 

; 

Tallying  total 
desktop  technology 
ownership  costs 
requires  looking  well 
beyond  users’  PCs. 
By  Mary  K.  Pratt 


Campbell  and  some  IT  professionals  put  costs  into 
three  categories:  direct,  indirect  and  hidden.  Direct 
costs  include  purchase,  maintenance  and  upgrade 
costs.  Indirect  costs  include  the  added  burden  on  IT 
to  manage  the  technology  and  the  incremental  costs 
associated  with  employees  learning  to  use  new  tools. 
Hidden  costs  consist  of  things  like  added  insurance 
costs  and  the  time  the  accounting  department  needs 
to  capitalize  and  depreciate  the  new  technology. 

“Most  companies  tend  to  miss  those  indirect  costs, 
and  the  vast  majority  of  companies  miss  those  hid¬ 
den  costs,”  Campbell  says. 

Experts  say  the  best  way  to  start  calculating  TCO 
is  to  analyze  your  company’s  true  needs.  Workers  to¬ 
day  are  requesting  all  sorts  of  technology,  claiming 
that  it  can  help  them  do  their  jobs.  But  you  have  to 
ask:  Will  it  really  help  people  work  faster  or  better? 

Many  CIOs  and  chief  financial  officers  have  failed 
to  take  this  initial  step,  according  to  Phillip  Redman, 
an  analyst  at  Stamford,  Conn.-based  Gartner  Inc.  He 
says  there  has  been  a  disconnect  between  what  em¬ 
ployees  want,  what  they  need  and  what  IT  people  are 
offering.  But  that’s  beginning  to  change  as  employees 
introduce  their  own  mobile  devices  into  the  work¬ 
place  as  a  way  to  synchronize  e-mail,  calendars  and 
contact  management. 

“Most  companies  today  are  in  the  evaluation 
stage,”  Redman  says.  They  realize  that  they  need  to 
provide  the  support,  integration  and  technology  nec¬ 
essary  for  these  “toys”  to  become  corporate  tools. 

One  Piece  at  a  Time 

Redman  recommends  evaluating  a  desktop  system’s 
individual  pieces  —  the  cell  phones,  communicators 
and  integrated  PDAs  —  to  calculate  TCO.  Look  at 
each  component  separately.  If  you  try  to  assess  the 
entire  system  at  once,  there  would  be  too  many  dif¬ 
ferent  combinations  to  consider  accurately. 

“There’s  no  way  to  look  at  everything  as  a  whole, 
as  one,”  he  says. 

But  Redman  and  other  experts  emphasize  that  the 
components  shouldn’t  be  viewed  as  stand-alone 
tools.  Even  if  companies  calculate  the  TCO  for  each 
component,  they  should  consider,  for  example,  how 
a  salesperson  in  the  field  will  use  a  handheld  device, 
how  the  data  will  be  transferred  to  the  main  network 
and  how  it  can  be  accessed  from  desktop  PCs. 

But  it’s  tough  on  IT  departments  that  don’t  have 
control  over  the  separate  pieces  of  the  desktop  puz¬ 
zle  even  though  they’re  frequently  called  upon  to 
support  those  pieces. 

“Many  times,  the  handhelds  are  entering  the  orga¬ 
nization  from  the  user’s  end;  they  buy  it  themselves 
and  use  it  for  accessing  e-mail  or  company  data,” 
says  Kevin  Byrd,  senior  director  of  product  market¬ 
ing  at  JP  Mobile  Inc.,  a  software  de¬ 
veloper  in  Dallas. 

As  a  result,  users  with  vari¬ 
ous  devices  are  asking  IT  de¬ 
partments  for  support  and 
special  configurations. 
These  demands  often  cre¬ 
ate  all  sorts  of  stealth  costs 
—  from  staff  time  to  new 
software  requirements.  Sys¬ 
tems  that  are  built  up  in  such 
a  scattered  fashion  rarely  make 


www.computerworld.com 


MANAGEMENT 


COMPUTERWORLD  November  11,  2002 


TRENDS 


TCO  Without 
ROI  Is  Like  Cake 
Without  Icing 

Although  TCO  dominates  discussions 
when  companies  plan  to  roll  out  new 
technology,  analysts  say  that  execu¬ 
tives  also  need  to  consider  return  on  investment.  Looking 
only  at  today’s  costs  of  desktop  systems  could  cheat  com¬ 
panies  out  of  future  savings. 

Striking  a  balance  between  immediate  costs  and  long¬ 
term  savings  isn’t  easy.  That’s  due  in  part  to  the  nature  of 
ROI,  which  includes  gains  that  can  be  hard  to  quantify, 
such  as  increased  productivity  and  less  downtime. 

But  there  are  some  trends  to  think  about  when  weigh¬ 
ing  TCO  and  ROI. 

Bottom-line  numbers  are  crucial  for  a  company  to  see, 
particularly  now,  says  Richard  Cheston,  director  of  sys¬ 
tems  management  at  IBM’s  PC  division.  “Productivity 
gains  are  just  a  tiebreaker.  If  you  can’t  significantly  show 


cost  reduction,  productivity  improvements  won’t  get  a 
company  to  roll  out  [new  technology],”  he  says,  especially 
if  the  technology  isn’t  mission-critical. 

On  the  other  hand,  some  companies  can  easily  quantify 
ROI  based  on  productivity  gains. 

Kevin  Byrd,  senior  director  of  product  marketing  at  JP 
Mobile,  cites  one  company  that  deployed  handhelds  for 
100  salespeople  and  saw  an  average  15%  revenue  in¬ 
crease  for  each  sales  representative.  (The  company  won’t 
disclose  the  cost  of  the  rollout.) 

Charles  Russell,  the  U.S.  Army  Reserve’s  chief  of  digital 
archives,  has  even  more  impressive  figures  to  show  for  the 
Army  Knowledge  Online  portal.  An  investment  that  cost 
about  $100  million,  the  year-old  portal  has  allowed  better 
integration  of  office  PCs,  home  computers  and  laptops. 

The  savings  that  resulted  from  a  decrease  in  downtime, 
a  reduction  in  equipment  purchases  and  improvements  in 
productivity  have  been  staggering,  Russell  says.  Prelimi¬ 
nary  numbers  show  the  Reserve  saving  about  $20  million 
over  two  years.  That  kind  of  figure,  Russell  notes,  is  hard 
to  ignore  when  looking  at  TCO. 

-  Mary  K.  Pratt 


financial  sense  or  have  accurate  costs  attached  to 
them,  experts  say. 

“That’s  where  you  get  extremely  high  costs  of 
ownership  for  handhelds,”  whether  they’re  note¬ 
books,  PalmPilots  or  Pocket  PCs,  Byrd  says.  IT  staffs 
that  implement  central  control  for  desktop  system 
peripherals  can  save  a  lot. 

Standardization  Debate 

Bill  Cook,  CIO  at  the  Clovis  Unified  School  District 
in  Clovis,  Calif.,  oversees  a  network  of  10,000  com¬ 
puters,  including  3,000  to  4,000  student-owned  com¬ 
puters,  and  a  $2  million  annual  IT  budget.  Laptops 
are  already  part  of  the  district’s  desktop  system,  and 
Cook  is  analyzing  the  benefits  of  handhelds  in  pro¬ 
viding  anytime  access  to  student  information. 

The  first  step  to  reducing  costs,  Cook  says,  is  stan¬ 
dardizing  hardware.  “Together,  they  are  a  nightmare 
in  terms  of  support  costs.  It  really  does  make  a  differ¬ 
ence  to  get  one-stop  shopping,”  he  says.  The  district 
uses  IBM  hardware. 

Support  costs  are  higher  and  compatibility  issues 
are  more  time-consuming  with  hodgepodge  systems, 
says  Cook. 

“With  a  hardware  and  vendor  standard,  you  have 
less  finger-pointing  and  more  action,”  he  says. 

Many  companies  buy  desktop  PCs  from  a  single 
vendor,  analysts  say,  so  it  makes  sense  to  follow  this 
practice  for  mobile  devices  as  well. 

However,  Campbell  says,  companies  shouldn’t  al¬ 
ways  standardize.  BlackBerry  devices  work  well  for 
sales  reps  who  need  e-mail,  he  says,  but  they  won’t 
work  as  well  for  maintenance  workers  who  need 
access  to  manufacturing  systems.  Those  workers 
would  be  better  served  by  Palm  OS-based  devices. 

In  short,  says  Byrd,  companies  should  aim  for  a 
centralized  system  that  gives  the  IT  department  con¬ 
trol  and  is  flexible  enough  to  accommodate  different 
devices  and  expansion  into  other  applications. 

Other  factors  to  consider  include  how  many  work¬ 
ers  need  mobile  devices,  how  much  training  they 
need  and  how  data  will  be  backed  up  —  all  of  which 
translate  into  dollar  amounts. 

Some  industry  analysts  put  the  TCO  of  a  PDA,  in¬ 
cluding  the  cost  of  providing  support,  network  con¬ 
nectivity,  replacement  units,  training  and  software,  at 
$2,500  to  $4,400  per  year.  They  peg  the  TCO  for  a 
desktop  PC,  including  everything  from  hardware  to 
downtime,  at  $11,000  to  $12,000.  Some  say  companies 
can  add  those  numbers  to  calculate  the  per-user  cost 
for  workers  who  use  both  technologies,  a  practice 
called  “business  provisioning.” 


“You  just  add  that  on  per  user,  per  year.  That’s  why 
we  calculate  TCOs  individually,”  Redman  says. 

However,  he  and  other  experts  point  out  that  there 
will  be  overlaps,  such  as  a  shared  server,  that  can  af¬ 
fect  the  final  numbers. 

“When  the  PC  was  introduced,  it  really  was  an  in¬ 
dividualized  tool.  Now  the  PC  is  part  of  a  much  larg¬ 
er  information  system;  that’s  why  break¬ 
ing  out  the  total  cost  of  ownership  for  a 
desktop  system  is  a  tricky  proposition. 

It’s  only  one  element  of  the  system,”  says 
Anik  Ganguly,  executive  vice  president  of 
products  at  Open  Text  Corp.,  a  Waterloo, 
Ontario-based  supplier  of  collaboration 
and  knowledge  management  software. 

Analysts  say  any  calculation  of  a  desk¬ 
top  system’s  TCO  should  include  capital 
costs,  such  as  hardware,  software,  configuration  and 
training.  It  should  also  take  into  account  operational 
and  administration  costs,  such  as  the  additional  ac¬ 
counting  associated  with  paying  monthly  fees  for 
mobile  services.  Finally,  it  should  incorporate  end- 
user  expenses,  including  the  cost  of  diminished  pro¬ 
ductivity  caused  by  workers  fiddling  with  their  high- 
tech  devices. 

The  numbers  used  to  calculate  TCO  go  beyond  the 


obvious.  The  work  that  Rocket  Computers  did  for 
the  beer  distributor  is  a  good  example:  In  addition  to 
accounting  for  the  company’s  direct  costs  for  new 
Symbol  Technologies  Inc.  handhelds  and  the  sup¬ 
porting  infrastructure  —  a  communications  server, 
modems  and  wiring  —  Villanueva  analyzed  whether 
a  handheld  that  needed  to  be  plugged  into  a  cell 
phone  was  cheaper  than  the  wireless 
Symbol  model. 

After  crunching  the  numbers,  the  com¬ 
pany  decided  to  go  with  25  handhelds  that 
needed  to  be  plugged  into  phones.  If  the 
distributor  had  chosen  the  wireless  mod¬ 
el,  it  would  have  had  to  pay  $12,500  more 
for  the  handhelds  upfront,  plus  hundreds, 
maybe  even  thousands,  of  dollars  a  month 
for  transmissions  via  Cellular  Data  Packet 
Transmission  networks  —  a  variable  cost  that  Villa¬ 
nueva  says  had  the  potential  to  be  a  “runaway  train.” 

In  the  end,  companies  will  find  that  TCO  is  the 
sum  of  fixed,  variable  and  semivariable  costs. 

“A  solution  is  all  about  looking  at  hardware,  soft¬ 
ware  and  services,”  Redman  says,  “and  how  they 
connect  together  so  they  succeed.”  0 


Pratt  is  a  freelance  writer  in  the  Boston  area. 


COUNTING  COSTS 

Security  measures  that  don’t 
apply  to  PCs  should  be 
included  as  extra  costs  in 
calculating  the  TCO  of 
desktop  systems: 

©  QuickLink  33971 
www.computerworld.com 


©u 


rCGt 


iV 


New  and  improved  isn’t  necessarily  better.  But  then 
again,  sometimes  it  is.  How  do  you  decide  which 
scenario  applies  when  it  comes  to  going  mobile? 
Analysts  and  IT  professionals  offer  the  following  tips 
to  those  considering  investing  in  mobile  technology. 

■  Define  what  each  worker’s  needs  are,  and  assess 
the  department’s  objectives  as  well.  An  administrative 
assistant  who  works  at  the  same  office  every  day 
probably  doesn’t  need  a  PDA,  but  an  admissions  re¬ 


■  \  , 

m 

;|  (  | 

cruiter  who  travels  around  the  country  would  proba¬ 
bly  get  a  lot  of  use  out  of  a  laptop  computer. 

■  Study  the  mobility  patterns  of  the  users.  How  often 
do  they  work  outside  of  the  office?  Where  do  they  go? 
How  long  are  they  out? 

■  Examine  the  users’  enterprise  functions.  What  infor¬ 
mation  do  they  need?  What  applications  will  they 
need?  And  how  often  will  they  need  these  items? 


.Ufc 


■  Assess  each  employee’s  level  of  comfort  with  tech¬ 
nology.  If  someone  gets  stumped  when  he’s  working 
on  a  PC,  chances  are  he  isn’t  ready  for  the  next  level 
of  technology. 

■  Test  the  mobile  technology.  Do  this  as  you  would 
with  any  new  technology  -  in  a  pilot  program. 


■  Make  a  group  decision.  The  final  word  on  whether  to 
invest  in  mobile  technology  should  come  from  users, 
department  leaders  and  the  IT  staff  together. 

:  /  - .  *  ,v ■  •  ■ }  •:  *. '  ;/•  ^  vj 


I 


Dell  server  consolidation. 

Saves  money.  Saves  space. 

Spells  doom  for  your  old  servers. 


Dell  |  Enterprise 


Dell  PawerEdge ■"  Servers  use  Intel *  Xeon'1  Processors. 


Consolidate  with  Dell  and  you'll  need  to  find  a  new  use  for  your  old  servers. 

What  kind  of  server  consolidation  solutions  does  Dell  bring  to  your  enterprise?  Just  what  you'd  expect:  A  legendary  focus  on  you,  the 
customer,  that's  as  relentless  as  our  focus  on  driving  down  costs.  An  end-to-end  solution  that  saves  you  money  today  and  tomorrow 
by  delivering: 


o  Maximum  flexibility,  manageability,  value  and  price/performance.  Our  new  line  of  PowerEdge"  servers,  powered  by 


Intel®  Xeon®  processors,  that  consistently  rank  at  the  top  of  industry  benchmarks  such  as  TPC*  Collectively  lowering  TCO 
and  accelerating  time  to  ROI. 

®  Optimized  uptime/maximized  investment.  Dell's  new  systems  management  solutions  deploy  software,  tools  and  services 
which  simplify  and  automate  server  systems  administration.  Leveraging  your  IT  resources  and  maximizing  your  IT  dollar. 

«  Server  infrastructure  consolidation  services.  Our  comprehensive  portfolio  includes  consolidation  readiness  assessment, 
consolidation  design  and  transformation,  customer  training  and  certification,  deployment  and  high  availability  support  services. 

«  Flexible  financing  alternatives.  Dell  gives  you  a  variety  of  financing  avenues  designed  to  help  you  optimize  ROI. 


r  nearly  20  years,  we've  revolutionized  the  way  the  world  buys  and  manages  technology.  Now  find 
ut  how  Dell's  direct  approach  can  revolutionize  your  server  consolidation.  To  learn  more  about  the  Dell  ROI 
test,  visit  www.dell.com/serverROI  or  call  us  toll-free  at  1-877-434-DELL. 


Flexible  solutions  that  can  cut  costs  today  and  tomorrow.  Easy  as 


Call  1-877-434-DELL  or  visit  www.dell.com/serverROI 


32  COMPUTERWORLD  November  11, 2002 


MANAGEMENT 


www.computerworld.com 


John  Hagel  III 

In  an  interview 
with  Computer- 
worlcT  s  Thomas 
Hoffman,  the  con¬ 
sultant  and  co¬ 
author  of  Out  of 
the  Box:  Strate¬ 
gies  for  Achieving 
Profits  Today  & 
Growth  Tomorrow 
Through  Web  Ser¬ 
vices  (Harvard  Business  School 
Press,  Oct.  2002)  offers  tips  to  IT 
managers  experimenting  with  the 
nascent  set  of  technologies  and 
standards. 


What  are  some  of  the  misconcep¬ 
tions  about  Web  services?  In  truth, 
much  of  what’s  being  done  today  is 
connecting  mundane  legacy  applica¬ 
tions  with  each  other.  It’s  not  that  ex¬ 
citing;  it's  basic  plumbing  activity.  The 
real  business  value  in  the  near  term  is 
around  connecting  existing  applica¬ 
tions.  A  second  [assumption]  is  that 
the  initial  integration  will  occur  within 
the  firewall.  But  the  early  work  being 
done  is  at  the  edge  of  the  enterprise, 
such  as  connecting  procurement  and 
sales  processes  with  other  activities. 

Who  are  the  early  adopters?  I’m 

seeing  two  parallel  paths.  One  is  within 
the  IT  department,  where  there  are 
early  adoption  efforts  to  see  how  it 
works  and  how  it  can  help  integrate 
systems.  The  other  is  coming  from  the 
business  side,  where  executives  are 
faced  with  having  to  reduce  capital 
budgets  by  25%  to  30%,  and  they're 
looking  at  Web  services  as  one  way  of 
doing  that.  To  date,  there's  been  more 
focus  by  business  than  by  IT. 

What  is  the  potential  impact  of 
business-driven  Web  services  on 
CIOs  and  IT  managers?  CIOs  have 
become  very  risk-averse,  in  part  be¬ 
cause  of  a  backlash  that  returns  on 
technology  investments  weren’t  there 
over  the  past  five  to  10  years.  Also, 
CIOs  are  facing  shortening  tenures. 
They  tend  to  get  fired  with  alarming 
frequency  because  [IT  projects]  tend 
to  blow  up.  The  best  way  to  not  have 
things  blow  up  is  to  not  put  new  things 
into  the  mix.  There’s  a  challenge  for 
CIOs  to  move  to  being  focused  on  how 
technology  can  help  these  major  busi¬ 
ness  initiatives.  > 


BART  PERKINS 


A  Squeezed  Supplier 
Never  Forgets 


Anyone  can  cut  supplier  costs  in 
a  buyer’s  market.  Hard  negotiations  that 
include  pressuring  for  significant  price 
concessions  are  expected.  Many  hungry 
suppliers  will  give  in  to  your  demands  for 
lower  prices,  figuring  that  some  work  is  better  than 
none.  But  you  should  avoid  unethical  methods  that 
leave  your  suppliers  angry  and  waiting  for  revenge. 


Things  have  already 
turned  ugly.  IT  contractors 
on  a  job  in  Boston  were 
told  they  had  to  work  over¬ 
time  but  couldn’t  put  the 
extra  hours  on  their  time¬ 
cards.  Several  contractors 
refused  to  comply  and 
recorded  all  of  their  hours. 

They  found  their  contracts 
terminated  one  week  later, 
and  the  remaining  contrac¬ 
tors  got  the  message. 

The  owner  of  a  small 
Atlanta-based  accounting 
firm  signed  a  contract  to 
perform  some  work  for  a 
Fortune  500  company.  Two 
weeks  later,  she  got  a  letter  stating  that 
her  hourly  fee  had  been  reduced  by 
10%.  Furthermore,  the  hiring  company 
would  be  deducting  an  additional  5%  if 
it  paid  her  bill  within  15  days  from  the 
date  it  claimed  to  have  received  the 
bill.  When  she  called  the  company  to 
complain,  she  was  told  that  all  of  its 
professional  services  firms  were  “vol¬ 
untarily”  reducing  their  fees,  and  she 
could  take  it  or  leave  it. 

In  both  cases,  the  rules  were  changed 
unilaterally,  after  the  contracts  were 
signed.  The  suppliers  continue  to 
work  on  these  jobs,  but  they  feel . . . 
well,  propriety  prevents  reprinting 
their  actual  words  here,  so  “cheated” 
will  have  to  suffice. 

The  buyers  could  likely  have  gotten 


concessions  from  these 
suppliers  by  applying  less 
extreme  measures.  At  the 
very  least,  they  could  have 
chosen  to  exercise  the  stan¬ 
dard  “30  days’  prior  notice” 
clause  in  their  contracts 
and  renegotiated  rates  with¬ 
out  creating  an  adversarial 
situation. 

Alternatively,  the  buyers 
could  have  included  their 
suppliers  in  the  search  for 
a  solution  to  cost  pressures. 
Allowing  the  supplier  the 
opportunity  to  recommend 
how  to  reduce  costs  may  re¬ 
sult  in  a  creative  solution, 
and  it  could  foster  cooperation  instead 
of  hard  feelings.  Suppliers’  suggestions 
may  include  the  following: 

■  Decreasing  service  levels.  Loosening 
guaranteed  response  times  for  non- 
critical  areas  might  be  a  fair  trade-off 
for  lower  fees. 

■  Extending  contracts.  Lengthening  the 
contract  reduces  the  supplier’s  sales 
costs  and  allows  better  workload 
management. 

■  Using  commodity  products.  Generic 
hardware  or  software  could  be  substi¬ 
tuted  for  proprietary  technology. 

A  supplier’s  suggestions  may  be  un¬ 
acceptable.  But  imposing  Draconian 
measures  without  discussion  will  cer¬ 
tainly  rankle  the  supplier.  These  seeds 
of  resentment  often  result  in  negative 


bart  perkins,  former  CIO 
at  Tricon  Global  Restau¬ 
rants  Inc.  and  Dole  Food 
Co.,  is  managing  partner 
at  Leverage  Partners  Inc., 
which  helps  CIOs  manage 
their  IT  suppliers.  Contact 
him  at  BartFerkins® 
LeveragePartners.com. 


payback  that  could  have  been  com¬ 
pletely  avoided.  And  as  we  all  know, 
payback  is  a  nasty  thing. 

Suppliers  seeking  revenge  don’t  nec¬ 
essarily  need  to  wait  for  the  economy 
to  rebound.  A  supplier  that’s  unhappy 
about  enforced  price  concessions  will 
take  the  first  opportunity  to  make  up 
the  difference  somewhere  else,  and 
you  may  find  the  savings  you  previ¬ 
ously  beat  out  of  your  supplier  dwin¬ 
dling  away.  Suppliers  can  hammer  you 
on  change-order  fees,  increase  their 
service  charges  or  drop  their  service 
levels.  Even  worse,  they  can  move  key 
players  around  and  assign  the  B  team 
to  your  account. 

Adversarial  business  relationships 
aren’t  fun  or  productive  for  either 
side.  Disgruntled  suppliers  will  leave 
you  high  and  dry  the  moment  they 
find  a  better  customer.  Meanwhile, 
outside  the  bounds  of  the  contract, 
you  can  kiss  any  kind  of  goodwill 
goodbye.  And  worst  of  all,  if  you 
squeeze  a  small  supplier  hard  enough, 
you  might  inadvertently  drive  it  out 
of  business,  a  scenario  usually  not  in 
your  best  interests. 

Beware  of  unbound  greed  in  your 
end-of-year  negotiations.  If  your  only 
purchasing  skill  is  gouging  your  sup¬ 
plier,  you  may  win  in  today’s  econo¬ 
my,  but  you  will  lose  in  the  long  run. 
When  the  economy  rebounds,  sup¬ 
pliers  will  remember  the  customers 
who  treated  them  fairly  and  those  who 
employed  unethical  tactics.  Compa¬ 
nies  that  showed  integrity  in  hard 
times  will  get  much  better  supplier 
cooperation  in  the  future.  Good  sup¬ 
plier  management  creates  working 
relationships  that  produce  winning 
results,  regardless  of  the  state  of 
the  economy.  N 

WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to: 

www.computerworld.com/opinions 


I 


© 


careers.com 


IT  CAREERS 


SYSTEMS  ANALYST  IV-For  co. 
specializing  in  mktg  &  mnfg  of 
computer  software;  responsible 
for  researching  changes  & 
enhancements  to  existing  features, 
product  install  processes,  tools, 
standards  &  processes.  This 
includes  testing  and  verifying 
systems  &  database  modules  to 
ensure  their  quality  &  integrity. 
Train  employees  &  customers  on 
systems  usage.  Participate  in 
process  refinement  &  improve¬ 
ment.  Coordinate  activities  of 
various  depts  to  ensure  completion 
of  the  project  on  schedule. 
Req's:  B.S.  or  equiv.  based  on 
education  and/or  work  experience, 
with  concentration  in  Comp  Sci, 
Business  or  a  related  field;  5 
years  exp.  in  job  offered  or  5 
years  technical  exp.  in  supporting 
PC's,  mainframe  or  web  based 
environments.  Proficiency  in 
Java,  SQLServer,  Microsoft  Visual 
J++,  Microsoft  Visual  Studio,  Select 
Enterprise,  Rational  Clear  Quest, 
Rational  Clear  Case,  Microsoft 
Visio  P  VCS  Defect  Tracker  &  Test 
Director.  40  hrs/wk.  Send  resume 
to  Siemens  Medical  Solutions, 
Human  Resources,  51  Valley 
Stream  Pkwy.,  Malvern,  PA  1 9355, 
FAX:  610-219-8266,  e-mail: 
human.resources@smed.com. 
EOE/AA. 


Programmer.  8a-5p;  40  hrs/wk. 
Convert  data  from  project  specs; 
prep  detailed  workflow  chart 
for  input,  output  &  logical  opera¬ 
tions,  dsgn,  implmt  &  test  comp 
prgm  using  C,  Java2,  micro¬ 
processor  prgmg,  networks  & 
UNIX,  preptech'l  documentation. 
Educational  req:  Bach  or  equiv  in 
Comp  Sci  or  Engg,  Info  Systms, 
Electrical,  Electronics  or  related 
field  of  Engg.  1  yr  exp  in  job  offd 
or  as  S/ware  Engr/Systms/Prgmr 
Analyst.  Resume:  Nextgen 
Infotech,  Inc.,  2090  Beaver  Ruin 
Rd.,  Ste  600,  Norcross  GA 
30071 


Seeking  qualified  applicants  for 
the  following  positions  in  Memphis, 
TN:  Senior  Systems  Planning 
Analyst.  Serve  as  a  project/team 
leader.  Evaluate  systems  re¬ 
quirements  and  develop  system 
configurations  to  ensure  corporate 
objectives  are  met.  Plan,  design, 
analyze,  develop  and  implement 
computer  systems.  Requirements: 
Bachelor's  degree*  in  computer 
science,  MIS,  engineering,  applied 
science  or  related  field  plus  5 
years  of  experience  in  computer 
systems  development.  Experience 
with  Visual  Basic,  SQL  Server, 
MVS/TSO  mainframe  develop¬ 
ment/interfacing  with  server  ap¬ 
plications  also  required.  'Master's 
degree  in  appropriate  field  will 
offset  2  years  of  general  experi¬ 
ence.  Submit  resumes  to  Chris 
Gibney,  Federal  Express  Corpo¬ 
ration,  2600  Nonconnah,  Suite 
191,  Memphis,  TN  38132.  EOE 
M/F/DA/. 


♦ 


S/W  ENGR 

Anlyz,  dsgn,  dev,  code,  test  & 
implement  commercial  apps 
utilizing  knowledge  of  sys.  dev. 
life  cycle.  Dev.  dsgns  based  on 
specs.  Anlyz,  eval.  &  modify  ex¬ 
isting  or  proposed  sys.  Coord, 
w/users  to  ensure  efficient  & 
timely  delivery  of  sys.  BS  in 
Comp.  Sci.,  Engrg.,  Bus.  or 
Math  plus  3  yrs  exp.  in  either 
the  position  offered  or  as  Prog. 
Analyst,  Sys.  Analyst  or  S/W 
Cons.  rqd.  Must  have  exp. 
w/Windows  &  MVS/ESA  5.2.2 
operating  sys.;  COBOL  &  MVS 
/JCL  lang.;  &  Oracle,  DB2  &  SQL 
Server  RDBMS.  High  mobility 
preferred.  40  hrs/wk,  8  am  -  5  pm, 
$60,980/yr.  Qualified  applicants 
report/submit  resume  to: 
Manager,  Westmoreland 
County  CareerLink,  300  East 
Hillis  St.,  Youngwood,  PA  1 5697- 
1808.  Refer  to  Job  Order  WEB 
284936. 


Sr.  Software  Engineer 

Design  and  development  of  re¬ 
ports,  functional  specifications, 
and  high  level  design  utilizing 
BRIO.  Must  have  Bachelors  De¬ 
gree  Computer  Science  or  Elec¬ 
tronics  or  in  a  related  field  &  3 
yrs.  exp.  or  3yrs.  exp.  in  a  related 
position  w/ability  to  use:  Brio  Ad¬ 
ministrator,  Brio  Query  Design¬ 
er,  Brio  SQR  Report  Builder,  Brio 
One  Integrator,  DB2,  J2EE,  DB2, 
SQL  Server,  and  Cold  Fusion. 
Must  be  willing  to  travel  and  re¬ 
locate. 

40.0  hrs./wk  8:00  AM  -  6:00  PM 
$76,000/Yr. 

Applicants  send  cover  letter 
and  resume  to: 

Cyber  Korp,  Inc. 

400  West  Lake  Street 
Suite  216 

Roselle  IL  60172-3572 

Attn:  HR  MGR 


NuTech  Solutions,  Inc.,  an  inter¬ 
national  software  development 
consulting  company,  has  openings 
for  Senior  Software  Developers. 
The  qualified  candidate  will  be 
responsible  for  development  of 
software  products  and  business 
solutions  for  data  acquisition, 
data  mining,  optimization  and 
knowledge  management,  using 
computa.ional  intelligence  knowl¬ 
edge  of  evolutionary  algorithm, 
etc.  Will  utilize  software  expertise 
in  system  integration,  object  ori¬ 
ented  design  and  development 
and  data  modeling.  Other  tech¬ 
nologies  that  are  key  to  this 
position  are:  Java,  C++,  Micro¬ 
soft  VisualStudio  and  Oracle. 
Minimum  requirements  are  a 
Masters  Degree  in  Computer 
Science  and  four  (4)  years  in 
design  and  development.  Please 
submit  your  resume  to  NuTech 
Solutions,  Inc.,  Attn:  V.  White, 
8401  University  Executive  Park, 
Charlotte,  NC  28262. 


Computer  Support  Spec.:  Smyrna, 
GA.  Provide  technical  support; 
maintain  commercial  credit  card 
information  system;  coordinate 
conversion  to  new  hardware  and 
software.  Req'd:  BS  (or  equiv. 
in  education  and/or  exp.)  in 
Comp.  Science  or  related  field. 
Resumes  to:  Yama  Enterprises, 
2086-B,  Cobb  Pkwy,  Smyrna, 
GA  30080. 


DATABASE  ADMINISTRATOR. 
Bachelor's  degree  or  foreign 
degree  equivalent  in  Computer 
Science,  Computer  Engineering, 
or  a  closely  related  field 
required.  Must  hold  three  years 
experience  in  database  admin¬ 
istration  using  Oracle  and  Oracle 
DRUMS  in  programming.  Work 
hours:  8  am  to  5  pm,  M-F.  Send 
resume  to  Leslie-America's 
Collectible  Network,  Inc.,  10001 
Kingston  Pike,  Suite  57, 
Knoxville,  TN  37922;  Attn:  Job 
Code  DAB. 


Test  Validation  Engineer.  Develop 
&  implement  software  for  Auto¬ 
mated  Test  &  Measurement  sys¬ 
tems  to  test  design  validation  for 
Automobile  Steering  Columns  & 
related  components  using  Lab- 
VIEW  &  VB  for  programmable 
controllers,  PC  or  embedded 
controllers.  Design  electrical 
control  systems  for  Test  & 
Measurement  applications.  Run 
component  validation  tests  & 
prepare  test  result  reports. 
Reqd:  B.S.M.E.  &  5  yrs  exp. 
40  hrs/week,  9am-5pm.  Send 
resume  to  J.  Brigham,  HR  #A28, 
Onsite  Companies,  Inc.,  7301 
Parkway  Drive,  Hanover,  MD 
21076. 


Computer/  Info.  Systems 

INFORMATION  SYSTEMS 
PROFESSIONALS 

To  participate  in  analysis,  problem 
solving,  project  design,  technical 
implementation  for  major  projects 
and  mentor  junior  level  consul¬ 
tants.  Participate  in  the  timely 
and  high  quality  delivery  of  prod¬ 
uct;  implementation,  integration, 
design,  coding,  testing  and  doc¬ 
umentation  of  custom  application 
software;  evaluate  user  require¬ 
ments  and  consult  with  design 
team  to  identify  current  procedures 
and  needs;  support  and  train 
end-use  rs.Technologies/Platforms 
used  include;  UNIX,  Windows 
NT,  SQL  Server,  or  Oracle  using 
SQL,  C/C++,  Visual  Basic,  Java, 
Coboi  and  other  appropriate 
programming  languages  in  Client 
/Server,  Network  and  Mainframe 
environments.  Must  have  a  Bach¬ 
elors  degree  or  its  equivalent, 
and  2+  yrs.  professional  experi¬ 
ence.  Send  resume  to:  Human 
Resources,  Knightsbridge  Solu¬ 
tions,  500  W.  Madison  Ave., 
Suite  3100,  Chicago,  IL  60661. 
EOE. 


Sys/Analysts  to  perform  embed¬ 
ded  systems  prog  using  VC++, 
COM,  DCOM,  CORBA,  WAP, 
Code  Warrior,  Assembly  lan¬ 
guage,  Linux  etc  for  hand  held 
PCs  and  PDAs;  develop  data¬ 
base  appls  using  Oracle,  MS 
SQL,  on  Windows/UNIX  OS;  test 
and  debug  appls  for  optimal  per¬ 
formance.  Require  BS  or  foreign 
equiv  in  CS  or  Engg  (any 
branch)  with  1  yr  exp  in  IT. 
High  Salary  f/t.  Travel  involved. 
Resumes  to  Salem  Associates, 
Inc.  405,  6th  Ave,  Ste  102,  Des 
Moines,  IA  50309. 


Senior  Programmer  Analyst 
needed  to  research,  design,  and 
develop  computer  software  sys¬ 
tems,  applying  principles  and 
techniques  of  computer  science, 
engineering,  science,  and  math¬ 
ematical  analysis,  using  the  fol¬ 
lowing  hardware/software:  IBM 
3090,  COBOL,  IMS  (DB/DC), 
JCL  and  others.  40  hrs/wk.  8am 
to  5pm.  $  57,450/year.  Requires 
Bachelor's  Degree  in  Computer 
Science  or  Engineering  and  1 
year  of  experience  in  the  job 
offered  or  as  Programmer/Pro¬ 
grammer  Analyst.  Employer  Paid 
Ad.  Send  resume  to  PO.  Box 
11170,  Detroit,  M!  48202-1170. 
Reference  No.  202495. 


Financial  Database  Analyst 
w/MS  in  Information  Systems. 
Will  apply  knowledge  of  database 
management  systems  &  perform 
full  life  cycle  system  implemen¬ 
tation  &  deployment.  Send  resume 
to:  HR  Dept.,  Metro  Bank,  9600 
Bellaire  Blvd.,  Suite  252,  Houston, 
TX  77036. 


Senior  Software  Engineer  with 
client-server  and  web  based 
applications  design  and  devel¬ 
opment  experience  to  work  out 
of  our  Dublin,  Ohio  office.  Send 
resume  to  Plante  &  Moran  LLP, 
Att:  HR  Mgr.  SSE-KT, 

3434  Granite  Circle,  Toledo, 
OH  43617-1160  or  on-line  to 
pamela.schell@plantemoian.com. 
EOE. 


Black  Belt  -  GEEP  IT 


Atlanta,  GA 


Who  we  are 


GE  Power  Systems  is  the  world’s  leading  supplier  of  power  systems 
equipment  and  services  with  global  annual  sales  of  over  $14  billion.  Our 
innovative  team  spirit  and  progressive  challenges  have  made  GE  Power 
Systems  an  environment  offering  exceptional  opportunities. 


Who  we  seek  The  Black  Belt  will  lead  the  implementation  of  medium  to  large  sized  IT 
projects  including  the  creation  of  a  data  warehouse  for  Parts  business  to 
streamline  business  reporting,  on-time  and  under  budget  to  meet 
customer  requirements  and  milestones;  work  with  functional  and 
technical  teams  to  select  vendors  for  implementing  a  robust  reporting 
environment  for  Parts  and  implement  solutions;  collaborate  with  GE 
Energy  Services  and  Power  Systems  Shared  Services  to  leverage  their 
Centers  of  Excellence  to  help  execute  different  phases  of  the  application 
development  life  cycle  for  the  data  warehouse  project;  partner  with  the 
business  quality  resources  to  build  quality  capable  processes  for  business 
reporting  and  for  selecting,  managing  8c  distributing  Parts-IT  contract 
resources  using  quality  improvement  tools;  and  integrate  quality 
programs  to  create  a  seamless  interface  to  the  customer  by  facilitating 
optimum  system/application  performance,  identifying  and  utilizing 
any/ all  digitization  opportunities  and  implementing  business 
intelligence  solutions 

The  Black  Belt  will  possess  a  BS  in  Information  Systems,  Computer 
Science,  Engineering  or  equivalent  plus  a  minimum  of  2  years 
experience  implementing  IT  projects.  The  Black  Belt  will  demonstrate 
the  ability  to  manage  multiple  projects  using  quality  improvement  tools; 
strong  situational  leadership;  and  project  risk  mitigating  skills.  Strong 
interpersonal,  presentation,  communication,  organization  and 
quantitative/ analytical  skills  are  required 


How  to  apply 


We  offer  a  competitive  salary,  an  outstanding  benefits  package  and  the 
professional  advantages  of  an  environment  that  supports  your  development 
and  recognizes  your  achievements.  To  apply,  please  send  your  resume, 
referencing  code  GEPS/ 286963/ ANQ30,  to:  opportunities@gecareers.com. 
We  are  an  Equal  Opportunity  Employer 


GE  Power  Systems 


We  bring  good  things  to  life 


Senior  Project  Manager-Re¬ 
sponsible  for  running  projects 
of  three  to  five  team  members. 
Projects  must  be  completed  on 
time,  on  budget  and  to  quality 
standards.  Duties  include  setting 
and  managing  goals  and  priorities 
with  little  or  no  guidance.  Make 
professional  level  presentations 
to  clients  and  staff.  Manage  con¬ 
tracts  effectively  and  perform  risk 
assessment.  Assist  sales  and 
marketing  personnel  with  esti¬ 
mates  of  project  work  and  costs. 
Evaluate  business  requirement 
decisions.  Develop  accurate,  viable 
project  plans.  Evaluate  perfor¬ 
mance  and  write  and  conduct 
project  reviews  forteam  members. 
Requirements  include  a  Master's 
degree  or  equivalent  in  Computer 
Science,  Electrical  Engineering 
or  a  related  field;  or  the  equivalent 
Bachelor's  degree  or  equivalent 
and  five  years  of  progressively 
responsible  experience  in  the  job 
offered  or  in  project  management 
and/or  software  development. 
Applicants  must  have  unrestricted 
authorization  to  work  in  the  United 
States.  Salary  $90, 000/year. 
40  hours/wk.  Respond  with 
two  copies  of  resume  to  Case 
#200112957,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FI., 
Boston,  MA  02114. 


Network  Administrator:  Install, 
configure,  &  support  company's 
local  area  network  (LAN),  wide 
area  network  (WAN),  &  Internet 
system.  Maintain  network  hard¬ 
ware/  software.  Monitor/  Maintain 
network,  Supervise  network  sup¬ 
port  &  client  server  specialists. 
Plan,  coordinate  &  implement 
network  security  measures.  Req: 
Master's  Deg.  in  info,  systems  + 
1  yr.  exp.  in  job  off.  Resume  to: 
Merchant  Investment,  1120 
Powers  Ferry  Rd.  Marietta,  GA 
30067 


IT  BUSINESS  ANALYST  III 

ADT  Security  Services,  Inc.  has 
an  immediate  opening  in  its 
Boca  Raton,  Florida  office  for  an 
IT  Business  Analyst  III. 

Responsible  for  gathering  and 
understanding  business  needs, 
and  for  developing  technical 
specifications  to  be  used  by  de¬ 
velopment  staff  to  address  those 
needs. 

Must  possess  at  least  a  bache¬ 
lor’s  degree  or  its  equivalent  in 
Computer  Science,  Engineering 
or  a  related  field,  experience  as 
a  Management  Consultant/Project 
Manager/Lead,  and  experience 
with  decision  support  systems, 
multi-tier  computer  systems  and 
/or  multi-system  strategies,  busi¬ 
ness  processes  and  strategies. 
Oracle,  SQL-Server,  Sybase,  In¬ 
formatics,  Business  Objects, 
UNIX  and  Windows  NT. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code 
ITBA/RJ  or  it  will  be  rejected. 

Forward  resume  to  Theresa 
Maia,  ADT,  One  Town  Center 
Road,  Boca  Raton,  FL  33486- 
1010. 


Several  computer  related  posi¬ 
tions  available  for  international 
airline  telecom  and  information 
services  company.  Degree,  tech¬ 
nical  skills  &  experience  vary  per 
position.  Send  resume  to 
Natasha  Lyttle,  SITA  INC,  3100 
Cumberland  Blvd.,  Ste  200, 
Atlanta,  GA  30339.  SITA  INC  is 
an  Equal  Opportunity  Employer. 


NuTech  Solutions,  Inc.,  an  inter¬ 
national  software  development 
consulting  company,  has  an 
opening  for  the  position  of  Vice 
President  of  Products.  The  qual¬ 
ified  candidate  will  lead  the 
design,  development  and  imple¬ 
mentation  of  mission  critical 
software  tools  and  application 
products  that  apply  computational 
intelligence  principles  (evolu¬ 
tionary  algorithms,  simulated 
annealing,  neural  networks, 
fuzzy  logic  and  hybrid  systems) 
to  business  process  optimization. 
Will  maintain  full  functional  re¬ 
sponsibility  for  the  activities  of 
team  including  selection  and 
hiring  of  programming  staff,  staff 
supervision  and  guidance,  de¬ 
velopment  of  project  specific 
goals  and  milestones,  imple¬ 
mentation  of  quality  standards 
and  procedures.  Will  represent 
the  company  at  trade  and  acad¬ 
emic  conferences.  Minimum  re¬ 
quirements  are  a  Masters  Degree 
in  Computer  Science  and  four 
(4)  years  development  experience 
designing  systems  that  apply 
computational  intelligence  prin¬ 
ciples  to  the  optimization  of  busi¬ 
ness  problems.  Must  be  fluent 
in  state-of-the  art  computational 
intelligence  area  and  technologies. 
Please  submit  your  resume  to 
NuTech  Solutions,  Inc.,  Attn:  V. 
White.  8401  University  Executive 
Park,  Charlotte,  NC  28262. 


Programmer  Analyst:  Various 
locations  in  GA.  Analyze,  design, 
develop,  re-engineer,  and  imple¬ 
ment  commercial  software  appli¬ 
cations.  Req'd:  BS  in  Comp. 
Science,  Engineering,  or  related 
field, and  2  yrs  in  job  offered,  or  2 
yrs  as  a  Software  Consultant. 
Resumes  to:  Infoglaze  Systems, 
375  Central  Ave.  Ste  96,  Riverside, 
CA  92507. 


CW021 1 1 1 EIW/MW  1 


Computerworld  •  InfoWorld  •  Network  World  •  November  1  1,2002 


IT  CAREERS 


iDia!  Networks,  Inc.  a  Telecom¬ 
munication  Services  company 
based  in  The  Woodlands,  TX  re¬ 
quires: 

Vice  President  for 
Retail  Sales  &  Marketing: 

To  develop  sales  strategies  to 
market  virtual  phone  cards  and 
virtual  phone  accounts  nation¬ 
wide  as  well  as  overseas.  Imple¬ 
ment  Agent  Program  and  estab¬ 
lish  distribution  channels. 
Manage  sales  team.  Negotiate 
rates  with  international  carriers 
from  Europe  and  Asia.  Needs  a 
Masters  degree  in  Economics  or 
relevant  field  and  4  years  rele¬ 
vant  experience  in  managing 
and  marketing  pc  based 
telecommunication  systems. 

Senior  Manager  Control  Center 
&  Web  Operations: 

To  be  responsible  for  all  e-com¬ 
merce  operations  and  to  manage 
and  develop  the  main  switching 
systems  for  web  based  call  trig¬ 
gering  telephony  projects  based 
on  Dialogic  and  Windows  2000 
platforms  and  Cisco  networking. 
Knowledge  of  Dialogic  platforms 
based  on  El  Signaling  method¬ 
ology  used  in  South  East  Asia 
and  Cisco  networking  is  essential. 
Needs  a  Bachelors  in  Electrical 
&  Electronics  Engineering  and  5 
years  relevant  experience  in  pc 
based  switching  systems. 


Database  Administrator  II.  Per¬ 
form  maintenance  &  backup 
functions  for  Oracle  d/base. 
Resolve  issues  of  moderate 
scope  by  reviewing  &  analyzing 
identifiable  factors.  Refer  more 
complex  issues  to  senior  staff. 
Collaborate  w/end  users  by  con¬ 
ducting  needs  analysis.  Dvlp  & 
implmt  d/base  dsgn  &  modeling. 
Conduct  testing  of  systms  to 
ensure  efficiency  &  accuracy. 
May  manage  security  access  & 
control  to  specific  d/base,  ensuring 
only  authorized  staff  has  access 
&  updating  capabilities.  Collabo¬ 
rate  w/end  users  in  dsgng  & 
generating  reports  &  serving  as 
tech'l  expert.  Ensure  data  re¬ 
ported  is  user-friendly  &  under¬ 
standable.  Dvlp  &  update  docu¬ 
ments  pertaining  to  systm  or 
s/ware  procedures,  reqmts,  & 
changes.  B.S.  in  Comp.  Sci.  or 
related  field  +2  yrs  exp  in  job  offd 
or  related  occupation  such  as 
S/ware  Engr  or  similar  duties 
under  different  job  title.  2  yrs  exp 
w/Oracle  d/base  admin,  RMAN, 
Unix  Shell  Scripting,  Humming 
Bird  Exceed,  IBM  AIX  (RS  6000 
series).  &  MS  NT  4.0  Oracle 
Certified  Profl  certification  reqd. 
40  hrs/wk.  $65K/yr.  Must  have 
proof  of  legal  auth  to  work  in 
US.  Send  your  resume  to  IA 
Workforce  Center,  215  Watson 
Powell  Jr.  Way.  Ste  100,  Des 
Moines,  IA  50309-1727.  Please 
ref  to  JO  #1101637.  Employer 
paid  ad. 


Smithfield  Foods,  Inc.  has 
an  opening  for  a  Distribution 
Systems  Analyst.  The  qualified 
candidate  will  ensure  proper 
configuration  and  operation  of  all 
computer  related  equipment  used 
in  the  warehouse,  coordinate 
system  upgrades  and  mainte¬ 
nance  with  warehouse  operations, 
will  analyze  requirements  and 
design,  develop  and  maintain  in¬ 
terfaces,  maintain  servers  and 
systems  reports,  and  support  ex¬ 
isting  systems.  Responsibilities 
will  also  encompass  development 
and  implementation  of  new  and 
existing  applications  and  data 
conversion  processes.  Minimum 
requirements  are  a  Bachelors 
Degree  in  Computer  Science 
and  2  years  of  experience  in 
systems  analysis,  program  design 
and  development,  applications 
implementation  and  support  or  4 
years  of  professional  experience 
in  systems  analysis,  program 
design  and  development,  appli¬ 
cations  implementation  and 
support.  Submit  resume  to 
Smithfield  Packing,  Inc.,  Attn: 
Human  Resources.  200  Com¬ 
merce  Street,  Smithfield,  VA 
23430. 


Sr.  Database  Developer  -  Design 
/implement  databases  on  SQL 
Server  2000:  Knowledge  of  object 
oriented  database  design  a 
must;  Write  Transact-SQL  &  DTS 
scripts  to  Port  database  objects: 
Write  triggers/  stored  proc.  in 
Transact-SQL;  Understand  b/z 
process.  /  translate  req.  to  SQL 
interactions  with  databases;  Un¬ 
derstand  LDAP  database  structure 
&  write  queries  to  transform  it  to 
a  normalized  database  structure; 
Write  WSH  scripts  to  import  IIS 
logs  to  Webtrends;  knowledge  of 
Webtrends  Database  Structure; 
Must  have  worked  on  SQL  2000 
SQL-XML  functionality;  Familiar 
with  Full  Text  Searching/  MS 
Indexing  Service;  develop  in- 
house  applications  (ASP,  COM, 
Javascript)  for  user  interfaces; 
conversant  with  Rational  Rose 
Data  Model;  Experience  on 
Rational  Unified  Process  a  must; 
BS  in  Comp.  Sci.  +  3  yrs.  exp. 
(Software  Dev.,  &  SQL  Server 
Database  Design  &  Admin.)  + 
Microsoft  Certificate  in  SQL 
Server.  Apply  to  Firstdoor  1425 
Ellsworth  Industrial  Drive,  #  31, 
Atlanta,  GA  30318  with  proof  of 
work  authorization. 


ALGORITHMS  ENGINEER- 
Millimetrix  Broadband  Networks, 
a  leading  provider  of  broadband 
wireless  technology,  seeks  qual¬ 
ified  applicants  for  the  position  of 
Algorithms  Engineer.  Will  perform 
specialized  research  for  new  mil¬ 
limeter  wave  products  (18  to  38 
GHz),  including  theoretical  mod¬ 
eling  and  simulations  for  High 
Gain  Channel  Coding,  Cross  Polar 
Interference  Cancellation,  Syn¬ 
chronization  and  Phase  Locked 
Loops.  Will  provide  technical 
support  for  existing  products  and 
product  upgrades.  Requres  MS 
in  Elect.Eng.  and  4+  years  expe¬ 
rience  in  research  and  develop¬ 
ment  for  broadband  applications 
(physical  layer).  Should  have 
expertise  in  Linux-C++  and  Mat- 
lab.  Send  resume,  referencing 
job  code  7-02,  to:  Millimetrix, 
attn:  Director  of  HR,  2325  Dulles 
Corner  Blvd.  #470,  Herndon, VA 
20171;  fax:  (703)  871-7302;  or 
e-mail:  hr_us@millimetrix.com. 
EOE. 


Programmer  Analyst  wanted  to 
research,  design,  and  develop 
computer  software  systems,  ap¬ 
plying  principles  and  techniques 
of  computer  science,  engineering, 
science,  and  mathematical  analy¬ 
sis,  using  the  following  operating 
systems:  MS-DOS,  Windows, 
UNIX,  and  the  following  computer 
languages:  COBOL,  DB2,  IMS, 
CICS;  Modify  system  to  address 
any  concerns  by  client  and  doc¬ 
ument  and  test  system.  40  hrs. 
/week.  8am  to  5pm.  $  59,448 
/year.  Must  possess  Bachelor's 
Degree  in  Engineering  or  Com¬ 
puter  Science  and  six  months 
of  training  in  multi-user  pro¬ 
gramming.  Employer  Paid  Ad. 
Please  send  resumes  to  MCDC 
/ESA,  PO.  Box  11170,  Detroit, 
Ml  48202-1170.  Reference  No. 
202226. 


Western  Union,  a  Division  of 
First  Data  Corporation,  a  co.  in 
Greenwood  Village,  CO  special¬ 
izing  in  e-commerce  transaction 
payment  services,  has  an  opening 
for  a  Sr.  Application  Architect  to 
work  in  Montvale,  NJ  &  other 
unanticipated  job  sites  in  the 
U.S.  Analyze  complex  internal 
business  functions  and  processes 
to  design,  develop,  code  and  im¬ 
plement  financial  software  appli¬ 
cations.  Requires  bachelors 
degree  in  computer  science;  2 
yrs.  exp.  as  a  project  manager  or 
leader;  working  knowledge  of 
TANDEM  K  and  S  Series  hard¬ 
ware  and  Guardian  90  operating 
system.  Respond  by  resume  to 
Norm  Barnett,  First  Data  Corpo¬ 
ration,  6200  S.  Quebec  St., 
Greenwood  Village,  CO  801 1 1 
and  refer  to  job  #3368NA. 


SOFTWARE  CONSULTANT 

Analyze  &  evaluate  existing  or 
proposed  software  systems.  Dsgn, 
dvlp,  implmnt  &  improve  programs, 
systems  &  related  procedures  to 
rocess  data  using  in-depth 
nowledae  of  the  software 
dvlpmnt  life  cycle  &  C/C++  pro¬ 
gramming  languages.  Encode, 
test,  debug  &  install  operating 
programs  &  other  system  software 
utilizing  exp.  with  Inges  &  SQL 
server.  Bachelor's  (or  equiv.)  in 
Comp.  Sci.,  Math,  Bus.  or  Engnrng 
+  2  yrs  exp.  in  position  offered  or 
as  a  Programmer  Analyst,  Software 
Engineer  or  Systems  Analyst 
reqd.  Exp.  must  include:  (a)  C  or 
C++  programming  languages;  and 
(b)  Ingres  or  SQL  server.  High 
mobility  preferred.  40  hrs/wk,  OT 
as  reqa,  8  am  -  5  pm,  $61 ,000/yr. 
Qualified  applicants  please  submit 
resume  to  Manager,  Washington 
County  Team  PA  CareerLmk, 
Millcraft  Center,  Suite  150LL,  90 
West  Chestnut  Street,  Washington, 
PA  15301-4517.  Please  refer  to 
Job  Order  No.  WEB  279724 


SOFTWARE  CONSULTANT 

Analyze  &  evaluate  existing  or 
proposed  software  systems.  Dsgn, 
dvlp,  implmnt  &  improve  programs, 
systems  &  related  procedures  to 
process  data  using  in-depth  know¬ 
ledge  of  the  software  dvlpmnt  life 
cycle.  Encodes,  tests,  debugs  & 
installs  operating  programs  & 
other  system  software  utilizing  IBM 
operating  systems,  CICS/COBOL 
languages  &  DB2.  Bachelor's  (or 
equiv.)  in  Comp.  Sci.,  Math,  Bus., 
Engnrng  or  Comp.  Info.  Sys.  +  2 
yrs  exp.  in  position  offered  or  as 
a  Programmer  Analyst,  Software 
Engineer  or  Systems  Analyst 
reqd.  Exp.  must  include  (a)  IBM 
operating  sys.,  (b)  CICS  &  COBOL 
languages,  and  (c)  DB2  database. 
High  mobility  preferred.  40  hrs 
/wk,  OT  as  reqd,  8  am  -  5  pm, 
$61 ,000/yr.  Qualified  applicants 
please  submit  resume  to  Manag¬ 
er,  Washington  County  Team  PA 
CareerLink,  Millcraft  Center,  Suite 
1 50LL,  90  West  Chestnut  Street, 
Washington,  PA  15301-4517. 
Please  refer  to  Job  Order  No. 
WEB280334. 


Software  Engineer  -  Orefield,  PA. 
Require  experience  in  design 
and  development  of  applications 
using  VisionPlus,  COGEN, 
COBOL,  CICS,  VSAM  and  JCL. 
Relocation  within  USA  possible. 
Attractive  compensation  package. 
Send  resume  to  Mahalingam  N 
Narayanan,  Gurus  IT  Services, 
1117  Linden  Hollow  Lane, 
Orefield,  PA  1 8069.  Email  resume 
to :  resume@gurusit.com. 


Java  Programmer 

Design,  development,  &  testing 
of  GUI  screens,  using  Java, 
Mysql,  JDBC.  Raise  &  resolve  is¬ 
sues  by  working  w/team  mem¬ 
bers.  M.S.  in  CS  or  rel.  w/abil.  to 
use  Java,  Mysql,  JDBC, 
PL/SQL,  VBScript,  HTML,  JSP, 
CGI,  LINUX,  Informix,  Oracle. 
40.0  hr/wk.  9-5  Send  resume  to 
Mr.  Ray  Little,  Vice  President, 
MediSYS,  7201  Halcyon  Summit 
Dr.,  Montgomery.  AL  36117 


Senior  Analyst  needed  w/exp  to: 
analyze, design, develop,  test  & 
support  software  applications 
using  Clarify,  Oracle,  Tuxedo, 
Visual  Basic,  Windows.  AS/400, 
RPG/400,  CL/400;  Actuate  & 
Impromptu.  Implement  software 
applications  on  Windows  opera¬ 
tions  systems  &  AS/400  operat¬ 
ing  systems.  Send  resumes 
to:  informationtechnology® 
konica.com 


Software  Design  Engineer,  Cary, 
NC:  Perform  s/ware  requirements 
analysis,  review,  design,  imple¬ 
mentation  &  testing  for  electronic 
laboratory  test  equipment.  Develop 
instrument  monitoring  &  control 
s/ware  on  Windows  NT  using 
Visual  C++,  MFC,  COM,  DCOM, 
ATL,  OLE-DB,  ODBC,  SQL 
Server,  MS  Access,  RS232, 
TCP/IP.  Perform  GUI  &  RDBMS 
design.  Maintain  firmware  in 
Assembler,  C  &  VHDL  for  Intel 
8051  series.  Evaluate  interfaces 
betw.  h/ware  &  s/ware.  Assist 
w/h/ware  design  analysis.  Manage 
version  control  of  software.  Req: 
Bachelors  in  Electronic  Engi¬ 
neering/Computer  Science  + 
5  yrs  in  job  or  as  Software 
Engineer-Electronic  Systems 
design.  Mail  resume  to:  HR, 
Varian,  Inc.  13000  Weston 
Pkwy,  Cary,  NC  27513 


Computer  Hardware  Technician 
sought  by  computer  repair, 
upgrade  and  sales  company  in 
Lakewood,  CO.  Install,  modify,  and 
make  minor  repairs  to  computer 
hardware  systems  and  peripheral 
units  including  fax  machines, 
printers,  and  scanners.  Provide 
technical  assistance  and  training 
to  system  users.  Install  hardware 
and  peripheral  components  on 
users'  premises,  following  design 
and  installation  specifications. 
Enter  commands  and  observe 
system  functions  to  verify  correct 
system  operation.  Requires  4 
years  of  experience  installing, 
modifying,  and  repairing  computer 
hardware  and  peripheral  systems 
such  as  fax  machines,  printers 
and  scanners.  M-F,  8am-5pm, 
$39,760/yr.  Respond  by  resume 
to  Employment  Programs,  PO 
Box  46547,  Denver,  CO  80202 
and  refer  to  JON  CO  5031401 . 


Software  Eng.  sought  by  Co.  that 
develops  comp.-based  physio¬ 
logical  systems  analysis  software. 
Must  have  Masters  in  Comp. 
Sci.,  Biomed.  or  Elec.  Engg., 
Applied  Math,  or  Num.  Analysis 
+  1  yr.  exp.  in  building  3D  comp, 
models  of  physiological  systems. 
Req:  C++,  Java,  comp,  control 
langs.  Response  to  H.R./J.X. 
Physiome  Sciences,  Inc.,  150 
College  Rd.  W.,  Suite  300, 
Princeton,  NJ  08540-6604. 
EOE. 


COMPUTER  SYSTEMS  ANA- 
LYST-oversee  front-end  systems 
design  by  applying  knowledge  of 
JAVA,  accounting  &  database 
systems  in  development  of  app- 
plications;  Implement  custom 
user  interface.  Min.  req:  4  yrs 
exp.  Resumes:  Cautus  Networks 
Corp.,  1333  S.  Miami  Ave.,  Ste 
303,  Miami,  FL  33130. 


Software  Engineer,  Nashua,  NH. 
Research,  design  &  dev.  comp 
softw.  sys,  in  conjunction  w/hard- 
ware  prodt  devpnt.  Consult  w/ 
hardware  ena'rs  &  ena  staff  to 
evaluate  interface  b/wn  hardware 
&  soft.,  &  operat'  I  &  performance 
req'ts  of  overall  sys.  Provide  tech, 
guidance  on  client  projects.  Will  use 
Win  NT/95,  2000,  PB,  Sybase, 
Oracle.  Visual  Basic,  C++,  UNIX, 
FORTRAN,  SQL  Server,  Visual 
Interdev,  ASP,  Java  Script,  IIS, 
MTS,  Access,  XML,  Java.  Bach's  in 
CS,  Math,  Eng  or  MIS  plus  5yrs 
as  systems  analyst/prog  analyst. 
Will  accept  Masts  +  2yrs  exp  as  a 
prog,  anal/syst.  anal.  Req.  $  85,000 
/hr,  40hrs/wk,  9:00am  to  6:00pm. 
Pis.  send  2  copies  of  resume/letters 
of  appl'n  to:  Job  Order  #  2002- 
433,  PO  Box  989,  Concord,  NH 
03302-0989 


Sr.  Systems  Analyst  for  b/z 
analysis,  software  development 
using  Java,  Visual  Basic,  Java 
Script,  SQL,  HTML,  ASP,  Rational 
Rose  UML,  EJB,  Ant,  &  Clear 
Case  on  Windows,  Windows  NT 
&  Sun  OS.  Perform  system  inte¬ 
gration  functions  including  IBM 
/DB2  projects.  Configure  Web 
Sphere,  iPlanet  &  Siebel.  Develop 
Ant  Scripts  for  data  migration  / 
deployment.  Maintain  documen¬ 
tation  and  tech,  assist,  /support. 
BS  in  Electronics  Engineering 
or  Comp.  Sci.  +  3  yr.  Exp.  in  Soft¬ 
ware  design,  development,  &  im¬ 
plement.  for  b/z  apps.  +  Sun  or 
Microsoft  Certificate  in  Program¬ 
ming.  Comp.  Salary.  Apply:  Net- 
serv,  6580  Jimmy  Carter  Blvd., 
Norcross,  GA  30071  with  work 
authzn.  proof. 


MindTree  Consulting,  an  expand¬ 
ing  IT  consulting  company  offering 
product  realization  services  to 
Internet  infrastructure  and  device 
vendors,  is  searching  for  qualified 
IT  professionals  to  join  its  grow¬ 
ing  team.  Presently,  we  have 
positions  for  Network  Adminis¬ 
trators  and  Software  Consultants. 
Experience  with  Cisco  Router, 
Compaq  servers,  Implemented 
Checkpoint  network  security  fire¬ 
walls,  Rational  Rose,  iPlanet 
Webserver,  Sun  Microsystem's 
J2EE  architecture  desired.  Qual¬ 
ified  applicants  will  have  a  bach¬ 
elor's  degree  in  a  relevant  field 
and  qualifying  industry  experi¬ 
ence.  Positions  may  require 
relocation  to  various  client  sites 
throughout  the  United  States. 
Qualified  applicants  submit 
resumes  to  HR  Department,  The 
Tower  at  270  Davidson  Avenue, 
Suite  305,  Somerset,  NJ  08873. 


Oracle  Developer/Database  Ad- 
ministrator-IT  Co.  in  Lawrence- 
ville,  NJ  needs  Database  Ad¬ 
ministrator  to  dsgn  d/base 
models  using  Designer  2000, 
Erwin  Tools,  write  d/base  creation 
scripts  &  perform  d/base  admin, 
maintenance  &  monitoring.  Will 
also  build  &  maintain  critical 
feeder  process  for  d/bases  & 
write  high  level  dsgn  &  low  level 
dsgn  documents.  BS  in  Elec¬ 
tronics  or  Comp  Engg  w/3yrs 
exp  reqd.  Prevailing  wage, 
9a-5p.  M-F.  Contact  HR  Dept  at 
609-912-0666  or  fax  resume  to 
609-912-0605. 


0  careers 


S/W  Engineers  to  analyze,  design, 
develop  and  implement  CRM, 
client/server,  web  appls  using 
Java.  Clarify  suite,  VB,  PB, 
Sybase,  Oracle,  PL/SQL,  MS 
Access  on  Windows,  Unix,  Sun 
Solaris  OS;  interact  with  users, 
obtain  user  requirements,  conduct 
system  analysis,  performance 
tuning;  test  and  troubleshoot  project 
appls;  train  end  users/team 
members.  Require:  MS  or  foreign 
equiv  in  CS/Engg  (any  branch) 
with  1  yr  exp  in  IT.  Competitive 
salary,  f/t.  Travel  involved.  Resume 
to:  HR,  ABZ  Consulting,  inc. 
3140  Briarcliff  Road,  Suite  A, 
Atlanta,  GA  30329 


Cedar  Enterprise  Solutions,  Inc.,  a 
software  consulting  and  services 
organization  has  an  opening  for 
VP-Content  Value  Management 
Technology.  The  ideal  candidate 
will  be  responsible  for  manage¬ 
ment  consultancy  encompassing 
sales  and  marketing,  account 
development  for  the  U.S.  and 
Canada  including  strategic  de¬ 
velopment  and  new  alliances 
and  product  development  for 
new  IT  technology.  Minimum 
requirements  are  a  Bachelors 
Degree  in  Marketing  and  4  years 
experience  in  marketing/sales 
manager  positions  or  6  years 
experience  in  marketing/sales 
manager  positions.  Please  submit 
your  resume  to:  Cedar  Enterprise 
Solutions,  Inc./HR,  100  East 
Pratt  Street,  Baltimore,  MD 
21202. 


I71ET2S 

Network  Service  Solutions 

NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 

•  Sr.  Tibco  (RV,  Integration  Mgr) 
Developer 

•  TIBCO/TRIARCH  Systems 
Engineer 

•  Sr.  Security  Systems  Engineer 
All  positions  require  BS/MS 
degree  with  a  minimum  of  2  to  3 
years  of  experience  in  the  field. 
Must  possess  excellent  commu¬ 
nication  skills  as  well. 

NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279-1960;  Phone  (212)  279-6565; 
or  Email:  iobus-nv@net2s.com 


PROG.  ANALYST 

Hexaware  Technologies,  Inc.  is 
currently  seeking  a  Programmer 
Analyst  who  holds  at  least  a  B.S. 
in  Comp.  Sci.,  Engrg.,  Business 
or  Math  &  has  one  yr.  exp.  as  a 
Prog.  Analyst,  S/W  Engr,  S/W 
Consultant  or  Sys.  Analyst.  Must 
have  exp.  w/Live  Commerce  3.0, 
Gentran  Server,  EDI  (ANSI  & 
EDIFACT),  UNIX  &  SQL  Server. 
Must  also  hold  Microsoft  Visual 
Basic  certification.  Resume  only 
to:  Rajendran  Ravindran,  Director 
-HR,  4343  Commerce  Ct.,  Ste. 
618,  Lisle,  IL  60532. 


iz-,, 


Kama  Consultin 

TOP  $$'s,  W2  or  10 


%,nc- 


We  are  a  fast  growing 
Consulting  company  based 
in  New  Jersey. 
Excellent  opportunities  for 
Programmers, 

Systems  Analysts,  DBAs. 

Sun  Solaris  System  Admins, 
Natural,  Powerbuilder, 
ADABAS,  ORACLE,  SYBASE, 
PROGRESS,  COBOL 
TCP/IP,  Delphi/VB,  Windows  NT 

Send  your  resume  to 
Rod  McFadden 
Kama  Consulting 
Fax:201-934-7166 
Email:Kamaco@  aol.com 


e-lite 

companies 


e-merging 

companies 


e-ssential 

companies 


e-normous 

opportunities 


0  careers 


JM2 


Computerworld  •  InfoWorld  •  Network  World  •  November  1  1 ,  2002 


IT  CAREERS 


NETWORK  ENG  II  -  Design, 
maintain  local  area  network. 
Train  users.  Bachelor’s  Computer 
Sci,  Eng  or  equiv  +  2  yrs  exp 
in  job  or  as  software  eng  +  com¬ 
puter  network  exp  reqd.  Com¬ 
petitive  salary.  Send  resume:  Mr. 
Buttram,  Progress  Rail,  1600 
Progress  Dr,  Albertville,  AL 
35950. 

Enterprise  Solutions,  Inc  is 
hiring  all  levels  of  Programmer 
Analysts,  Computer  Systems 
Analyst  &  Software  Engineers. 
Send  resumes  to  2118  Walsh 
Ave.,  Suite  230  Santa  Clara,  Ca 
95050.  Will  be  placed  at  client 
site  nationwide 

Software  Engineer:  Manage, 
design,  draft  specs,  create  sys¬ 
tem  plans;  develop,  configure  & 
analyze  various  comp  sys  soft¬ 
ware  applies,  web  interfaces, 
custom  reports,  custom  GUI  & 
internet  applies;  manage  clients 
&  client  integration  issues;  define 
&  determine  bus  &  sys  reqs;  pro¬ 
vide  tech  solutions  for  bus  sys; 
use  Oracle,  SQL  Server,  Access 
97/2000,  VBScript,  Visual  Basic, 
Java,  Perl,  C/C++,  ASP,  JSR 
JavaScript,  HTML,  Cystal  Re¬ 
ports,  &  DataBeacon.  Quaiif. 
BS  in  comp  sci  or  rel  field  +  3 
mos  exp  in  job  offrd.  Fax  res 
to  646-792-9210,  attn:  Tigris 
HR-Sftwr  Engr  Pos. 


Talent  is 
the  fuel  of 
the  new 
economy. 

Fill  up  with 
ITcareers. 

iTcareers  and 
IT careers.com  can 
put  your  message  in 
front  of  2/3  of  all  US 
IT  professionals.  If 
you  want  to  make 
hires,  make  your 
way  into  our  pages. 
Call  Janis  Crowley 
at 

1-800-762-2977 

ITcareers 

whei'ii  the  best 
get  better 


Global  Technical  Recruiter. 
$41 ,01 8/yr.  Recruit  technical 
professionals  and  fill  Clients' Job 
Orders  with  qualified  candidates. 
Qualify  candidates  through  tele- 
phone/in-person  interviews.  Per¬ 
form  reference,  background,  and 
suitability  checks.  Submit  candi¬ 
dates  to  Sales  Department. 
Team  up  with  Sales  to  achieve 
placements.  Perform  candidate 
maintenance  activities.  Submit 
weekly  reports  to  Corporate.  Es¬ 
tablish  new  networking  and  re¬ 
cruiting  resources.  Follow  guide¬ 
lines  as  per  the  Recruiting 
Performance  Monitor  and  the 
Quality  Management  System. 
Stay  in  tune  with  latest  market 
technology  trends.  Update  data¬ 
bases.  Perform  as  a  client  con¬ 
tact.  Coordinate  advertisement, 
placement,  and  job  fairs.  Re¬ 
quires  minimum  of  Bachelor’s 
Degree  in  Computer  Science  or 
Computer  Engineering  or  Infor¬ 
mation  Systems.  Must  have  proof 
of  legal  authority  to  work  in  the 
United  States.  Send  your  resume 
to  the  Iowa  Workforce  Center, 
800  7th  Street,  SE,  Cedar  Rapids, 
Iowa  52406-0729.  Please  refer 
to  Job  Order  IA1101625.  Em¬ 
ployer  paid  advertisement. 


Software  Engineer.  Duties:  Resp. 
for  testing  &  verifying  code  for 
Telecomm.  PCS  IT  AD  testing 
lab  using  Silk  Test.  Support  test¬ 
ing  activities  for  key  develop,  ef¬ 
forts  &  support  system  environs. 
Develop,  write  &  maintain  test 
guidelines,  test  cases  &  scripts. 
Determine  test  requirements  & 
coord,  test  scheduling.  Conduct 
systems  integration  tests,  load 
testing  &  perform  functional  test¬ 
ing  using  Rational  Test  Suite. 
Requires:  B.S.  (or  foreign  equiv.) 
in  Comp.  Sci.,  Eng.  or  a  related 
field  &  3  yrs.  exp.  in  the  job  of¬ 
fered  or  3  yrs.  exp.  as  a  Consultant 
or  Systems  Analyst.  Concurrent 
exp.  must  incl.  3  yrs.  exp.  testing 
&  verifying  code  &  3  yrs.  exp.  de¬ 
veloping  &  writing  test  cases  and 
scripts.  40  hrs/wk.  8:00  a.m.-5:0Q 
p.m.  Send  resume  (no  calls) 
to:  Danielle  David,  CTG,  Inc., 
13220  Metcalf  Ave.,  Ste.  140, 
Overland  Park,  KS  66213. 


Software  Developers  needed: 
Seeking  candidates  possessing 
BS  or  equiv.  and/or  rel.  work 
experience.  Duties  include:  ana¬ 
lyzing,  designing  and  developing 
user  interfaces;  performing 
web  based  automated  testing  & 
deploying  GUI  screens  on  various 
application  servers.  2  year  of  the 
req.  rel.  work  exp.  must  include 
working  with  JSR  JavaScript 
and  Servlets.  Mail  res.,  &  ref. 
to:  Sterling  Commerce,  4600 
Lakehurst  Ct.,  Dublin,  OH  4301 6. 


Software  Engineer 
Research,  design,  develop  soft¬ 
ware  apps.  for  connectivity  to 
SAP  using  BAPI,  Idoc  interfaces 
and  RFC  programming;  use 
C/C++  programming  language 
with  ODBC  technology  to  access 
to  SQL  Server  database.  Req. 
B.S.  Comp.  Sci.,  Elec.  Eng.  or 
equiv.  and  4  yrs.  exp.  Job  In 
Delray  Beach,  FL.  Fax  resume 
with  code  2d3d-022  to  2d3d,  Inc. 
at  561-278-7833. 


Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley. 

1-800-762-2977 


SENIOR  SYSTEMS 
INTEGRATOR 

Perform  complex  integration 
projects  revolving  around  EMC 
Enterprise  Storage  Solutions. 
Develop  customized  software 
specifically  for  backup/recover 
systems.  Interface  with  customer 
to  gather  requirements  and  server 
/data  specific  information  to  in¬ 
corporate  into  integration  plans. 
Perform  hands-on  technical  in¬ 
tegration  of  UNIX  and  NT 
servers.  Produce  documentation 
and  provide  knowledge  transfers 
for  customer  software.  Up  to 
80%  travel.  B.S.  in  Computer 
Science  or  related  field  +  2  yrs. 
exp.  in  Systems  Administration 
(incl.  UNIX  and  NT  systems) 
req.  $85,Q00/yr.  Send  resume 
to:  HR,  CTSinc.NET,  11660 
Alpharetta  Hwy.,  Ste.  490, 
Roswell,  GA  30076. 


IT  firm  in  Detroit,  Ml  seeks  to  fill 
the  following  positions: 

SAP  CONSULTANTS:  Develop 
&  implement  functional  modules 
such  as  FI/CO,  MM,  SD,  PP,  and 
ABAP  Programming. 

PROGR  ANALYSTS:  Participate 
in  all  phases  of  s/w  development 
including  web  applications  using 
skills  such  as  Oracle  RDBMS, 
Java,  VB,  ASP,  JSP,  Servlets, 
JavaScript,  and  IBM  Web  Sphere. 

DESIGN  ENGINEERS: 

1.  Experience  in  design,  imple¬ 
mentation,  data  migration,  testing 
of  PDM  systems  like  Metaphase 
/  Wind-chill  /  Enovia;  skills  such 
as  C,  C++,  Java,  Oracle  RDBMS, 
SAP,  CAD/CAM. 

2.  Experience  in  ICAD  develop¬ 
ment  &  other  KBE  OO  Systems, 
w/strong  background  in  CAD 
/CAM/CAE. 

REQUIREMENTS 

Must  have  BS  or  MS  or  equivalent 
in  CS,  Mechanical  or  EE,  Bus 
Administration,  Finance  or  related 
field;  &  1  -5  yrs  exp  in  the  required 
area. 

Positions  are  available  in  Detroit, 
Ml  &  at  client  sites  throughout 
USA.  Please  mail  resume  to  HR, 
33533  West  12  Mile  Rd,  #131, 
Farmington  Hills,  Ml  48331 


NE  Mfg.  Co.  seeks  Network 
Admin;  perform  daily  network 
admin  including  maintenance  of 
user  accts;  configure,  install  and 
maintain  NTW  equip;  maintain  a 
high  level  security  for  LAN; 
eval/document/test/i  implement 
new  software;  asst  w/  documen¬ 
tation  of  existing  ntw  system; 
verify  completion  of  routine 
processes  including  nightly 
backup,  file  purges  and  cache 
clearing;  recommend  hardware 
/software  purchases/upgrades; 
continuous  improvement  of 
Purchaser-Supplier  relations 
thru  Shop  Asst.;  respond  to  user 
probs/provide  qualified  training. 
Min  3  yrs  in-job  exp,  including 
use  of  Programming  C++,  Fox¬ 
Pro,  TCP/IP,  SMTP,  NT,  Shop 
Assistant  or  other  integrated  bus 
manag  s’ware.  Resumes  to 
Superior  Office  Products,  23293 
Commerce  Pk  Rd,  Beachwood, 
OH  44122.  No  calls.  EOE 


Cold  Fusion  Developer.  Develop, 
design,  modify,  and  maintain  the 
SQL2000  database-driven  appli¬ 
cations  for  the  foodservice.com 
website.  Perform  analysis  and 
assist  in  the  selection  of  appropriate 
technology  through  an  under¬ 
standing  of  end-user  needs  and 
limitations. 

Competitive  salary.  Prior  experience 
must  include  five  (5)  years  of 
experience  utilizing  Cold  Fusion, 
Java,  JavaScript,  Perl /  CGI, 
SQL,  ASP,  Visual  Basic,  VBScript, 
Visual  Interdev,  COM/DCOM, 
and  Object  Oriented  and  distributed 
technology  such  as  MTS  and 
MSMQ  in  applications  regarding 
Website  security,  performance, 
and  maintenance.  Must  have 
proof  of  legal  authority  to  work  in 
the  U.S.  Applicants  should  send 
resume  demonstrating  all  minimum 
requirements  to:  Foodbuy,  LLC, 
1000  Mansell  Exchange  West, 
Suite  300,  Alpharetta,  GA 
30022.  M/F/D/V. 


Business . 
integration' 

CONFERENCE  SERIES 


November  18- 


Co-Produced  by 


orm 


Giga  Information  Groupt 

Technology  advice. 
Business  results. 


www.brainstorm-group.com 


Nearshore 
&  Offshore 
Outsourcing 
Conference 
Series 


BRAINSTORM  GROUP  &  GIGA  INFORMATION  GROUP® 


s 'fe’iesent 


Black  Belt,  Wind  IM, 

Atlanta  GA 


GE  Power  Systems  is  the  world’s  leading  supplier  of  power  systems  equipment 
and  services  with  global  annual  sales  of  over  $14  billion.  Our  innovative  team 
spirit  and  progressive  challenges  have  made  GE  Power  Systems  an 
environment  offering  exceptional  opportunities. 


Who  we  seek  The  Black  Belt  will  work  with  IT  Managers  and  Quality  Leaders  to  apply  quality 

improvement  tools  to  Energy  Product’s  business  computing  environment;  develop 
and  execute  a  plan  to  ensure  that  projects  focused  on  IM  availability  and 
performance  metrics  are  initiated  and  executed  using  those  quality  improvement 
tools;  assist  in  the  development  of  “Critical  to  Quality”  requirements  and  metrics 
to  ensure  clear  linkage  between  business  needs  and  operational  processes;  assist  in 
defining  process  maps  and  definitions,  and  collecting  data  for  the  operation  of 
EP’s  business  applications;  utilize  statistical  knowledge  to  analyze  process  data  so 
that  root  cause  errors  are  identified  and  fixed;  manage  a  portfolio  of  quality' 
projects  to  deliver  on  Wind  IM’s  operations  and  application  performance  and 
availability  goals;  coach,  mentor  and  train  team  members  on  quality  improvement 
methodologies;  and  influence,  motivate,  and  lead  others  to  project  completion. 

The  Black  Belt  wall  possess  a  BS  in  Information  Systems,  Computer  Science, 
Engineering  or  equivalent  plus  a  minimum  of  2  years  IT  experience.  The  Black 
Belt  wall  demonstrate  the  ability  to  manage  multiple  projects  using  quality 
improvement  tools;  lead  in  a  cross-functional  environment  and  to  drive  change 
in  a  complex  matrix  environment.  Strong  interpersonal,  presentation, 
communication,  organization  and  facilitation  skills  are  required.  The  Black  Belt 
must  posses  knowledge  of  MS  PowerPoint  and  Excel,  Minitab  and  Process 
Mapping/ Sim  illation  Software  (Process  Model,  Crystal  Ball  or  Viso). 


How  to  apply  We  offer  a  competitive  salary,  an  outstanding  benefits  package  and  the 

professional  advantages  of  an  environment  that  supports  your  development 
and  recognizes  your  achievements.  To  apply,  please  send  your  resume, 
referencing  code  GEPS/287250/AN030,  to:  opportunities@gecareers.com. 
We  are  an  Equal  Opportunity  Employer. 


GE  Power  Systems 

We  bring  good  things  to  life 


Computerworld  •  November  11,  2002 


COMPUTERWORLD  November  11, 2002 


RESOURCES 


www.computerworld.com 


How  to  Contact 

OMPUTERWORLD 

We  invite  readers  to  call  or  write  with  their  comments 
and  ideas.  It  is  best  to  submit  ideas  to  one  of  the  department 
editors  and  the  appropriate  beat  reporter. 


Maryfran  Johnson,  editor  in  chief 
(508)  820-8179 


DEPARTMENT  EDITORS 


Don  Tennant,  News  editor . (508)  620-7714 

Craig  Stedman,  assistant  News  editor . (508)  820-8120 

Julia  King,  Management  editor . (610)  532-7599 

Tommy  Peterson,  Technology  editor . (508)  620-7729 

Mitch  Betts,  director.  Knowledge  Centers . (301)  262-8243 


REPORTERS 

Bob  Brewin,  mobile  computing/wireless;  Intel  PCs 

and  servers:  health  care . (505)  425-3551 

Matt  Hamblen,  networking:  network  systems  management: 
e-commerce . (508)  820-8567 


Thomas  Hoffman,  information  economics: 


Lucas  Mearian,  financial  services;  storage; 

. 3UU  auuu 

. (508)  820-8215 

Linda  Rosencrance,  general  assignment; 
transportation/carriers . 

. (508)628-4734 

Carol  Sliwa,  Microsoft;  Web  services  technologies; 

application  development;  retail  industry . (508)  628-4731 

Marc  L.  Songini,  ERP;  supply  chain;  CRM:  databases; 

data  warehousing:  EAI:  CA . (508)  820-8182 

Patrick  Thibodeau,  state/federal  government:  antitrust; 

legal  issues;  politics . (202)  333  2448 

Dan  Verton,  security:  defense  and  aerospace;  travel . (703)  321-2277 


Jaikumar  Vijayan,  enterprise  systems;  ASPs/outsourcing; 


security:  manufacturing . (630)  978-8390 

Todd  R.  Weiss,  general  assignment:  Linux; 
messaging/collaboration . (717)  560-5255 

OPINIONS 

Patricia  Keefe,  editor  at  large . (508)  820-8183 

Mark  Hall,  opinions  editor . (503)  391-1158 

Frank  Hayes,  senior  news  columnist . (503)  252-0100 

FEATURES  EDITORS 

Ellen  Fanning,  special  projects  editor . (508)  820-8204 

Robert  L.  Mitchell,  technology  evaluations  editor . (508)  820-8177 

Gary  H.  Anthes,  editor  at  large . (703)  536-9233 

Jean  Consilvio,  assistant  features  editor . (508)  820-8562 

COMPUTERWORLD.COM 

Tom  Monahan,  online  director . (508)  820-8218 

Sharon  Machlis,  managing  editor/online . (508)820-8231 

Ken  Mingis,  online  news  editor . (508)  820-8545 

Marian  Prokop,  online  editor  at  large . (508)  620-7717 

Brian  Sullivan,  online  editor  at  large . (508)  620-7780 

John  R.  Brillon,  associate  art  director . (508)  820-8216 

David  Waugh,  associate  art  director . (508)  820-8142 


David  Ramel,  e-mail  newsletter  editor 
Keeley  Guillerme,  marketing  associate/researcher 


Peter  Smith,  Web  development  manager 

Kevin  Gerich,  Mark  Savery,  Web  developers 
Bill  Rigby,  associate  Web  developer 
Matthew  Moring,  graphics  designer 


RESEARCH 

Mari  Keefe,  research  manager 
Gussie  Wilson,  research  associate 


COPY  DESK 


Jamie  Eckle,  managing  editor/production . (508)  820-8202 

Michele  Lee  DeFilippo,  assistant 

managing  editor/production . (508)  820-8126 


Bob  Rawson,  Monica  Sambataro,  senior  copy  editors 
Jacqueline  Day,  Eugene  Demaltre,  Mike  Parent,  copy  editors 


GRAPHIC  DESIGN 

Stephanie  Faucher,  design  director . (508)  820-8235 

April  O’Connor,  associate  art  director 
Julie  D’Errico,  graphic  designer 
Susan  Cahill,  graphics  coordinator 

John  Klossner,  cartoonist 


ADMINISTRATIVE  SUPPORT 


Linda  Gorgone,  office  manager . (508)  820-8176 

Cheryl  Dudek,  administrative  assistant . (508)  820-  8178 


CONTRIBUTING 

COLUMNISTS 

John  Berry,  David  Foote,  Pimm  Fox, 
Michael  Gartenberg,  Dan  Gillmor, 
Thornton  A.  May,  David  Moschella, 
Bart  Perkins,  Nicholas  Petreley 


CONTRIBUTING 

WRITERS 

Amy  Helen  Johnson, 

Russell  Kay,  Sami  Lais, 
Kathleen  Melymuka,  Deborah  Radcliff 


GENERAL  INFORMATION 


TELEPHONE/FAX 

Main  phone  number ....  (508)  879-0700 

All  editors  unless  otherwise  noted  below 

Main  fax  number . (508)  875-8931 

24-hour  news  tip  line. . .  (508)  620-7716 

E-MAIL 

Our  Web  address  is 

www.computerworld.com. 

Staff  members’  e-mail  follows  this  form: 

firstnameJastname@computerworld.com. 

For  IDO  News  Service  correspondents: 

firstnamejastname@idg.com. 

LETTERS  TO  THE  EDITOR 

Letters  to  the  editor  are  welcome 
and  should  be  sent  to: 

letters@computerworld.com. 

Include  your  address  and  telephone  number. 

MAIL  ADDRESS 

PO  Box  9171,  500  Old  Connecticut  Path, 
Framingham,  Mass.  01701 

SUBSCRIPTIONS/BACK  ISSUES 

Subscription  rates:  U.S.,  $190/year;  Canada, 
$220/year;  Central  and  South  America.  $250/year; 
all  others.  $295/year 

Phone . (800)  552-4431 

E-mail. . .  circulation@computerworld.com 
Back  issues . (508)  988-7590 

REPRINTS/PERMISSIONS 

Contact . Renee  Wywadis 

Phone . . (717)  399-1900,  ext.  172 

E-mail . rwywadis@reprintbuyer.com 

Visit  www.reprintbuyer.com  to  obtain  quotes 
and  order  reprints  online. 


COMPANIES  IN  THIS  ISSUE 

Page  number  refers  to  page  on  which  story  begins.  Company  names  can  also  be 
searched  at  www.computerworld.com 


3E  TECHNOLOGIES  INTERNATIONAL  INC.. .  40 


ABERDEEN  GROUP  INC . 14 

ABN  AMRO  NORTH  AMERICA  INC . 1 

ACCENTURE  LTD .  14 

ACCESS  NOW  INC  . 18 

ACER  INC . 6.7 

ACTIVESTATE  CORP . 32 

AEA  . 12 

AETHER  SYSTEMS  INC . 42 

AFFILIATED  COMPUTER  SERVICES  INC  . .  6 

AtRMAGNET  INC . 40 

AIRWAVE  WIRELESS  INC .  40 

AMERICA  ONLINE  INC . 15 

AMERICAN  EXPRESS  CO . 27 

AMERI  TRADE  HOLDING  CORP . 1.16 

ANDIAMO  SYSTEMS  INC  . ...  14 

APPLE  COMPUTER  INC . 8 

ARSINC . 6 

ASTARO  CORP  . 16 

AT&T  CORP .  8 

AUTODESK  INC . 7 

AUTONATION  INC . 1 

A  VENT  AIL  CORP  8 

BARCLAYS  BANK  PLC . 24 

BARCLAYS  GLOBAL  INVESTORS . 24 

BEA  SYSTEMS  INC . 1 

BECHTEL  NATIONAL  INC . 7 

BLADE.  SOFTWARE  INC  .40 

BOMBARDIER  INC . 14 

BRIGHTMAJL  INC.  32 

BRK)  SOFTWARE  INC  .  42 


14 

33 

27 

14 


CARDCOPS.COM . 32 

CASIO  COMPUTER  CO . 6 

CENTER  FOR  DEMOCRACY  AND 

TECHNOLOGY . 12 

CENTER  FOR  PROJECT 

MANAGEMENT . 45.46 

CHECK  POINT  SOFTWARE 

TECHNOLOGIES  LTD . 8.12.40 

CIPHERTRUST  INC . 32 

CISCO  SYSTEMS  INC  . 1.8.14.25.40.42 

CLOVIS  UNIFIED  SCHOOL  DISTRICT . 48 

COLLABNET  INC . 24 

COMPUTER  SCIENCES  CORP . 14 

COMPUTER  SECURITY  INSTITUTE . 16 

CONTROL  DATA  CORP . . 58 

COREL  CORP . 8 

DATEK  ONLINE  HOLDINGS  CORP . 1.16 

DEFENSE  ADVANCED  RESEARCH 

PROJECTS  AGENCY . 36 

DELL  COMPUTER  CORP . 6 

DELOITTE  CONSULTING  . 14 

DHL  WORLDWIDE  EXPRESS  INC . 6 

DOLE  FOOD  CO . 52 

ELECTRONIC  DATA  SYSTEMS  CORP . 6 

ENRON  CORP . 24 

ENTERPRISE  APPLICATIONS 

CONSULTING  . 14 

ENTRUST  INC . 27 

FACETIME  COMMUNICATIONS  INC. . 15 

FARPOINT  GROUP . 20 

GARTNER  INC . 1.32.33.48 

GENERAL  ELECTRIC  CO  . 58 

GENZYMF.  CORP . 45.46 

GEORGIA  STUDENT  FINANCE 

COMMISSION  . 16 

GIGA  INFORMATION  GROUP  INC . 27 

GLOBAL  DAT  AGUARO  INC . 34 


HEWLETT-PACKARD  CO . 6,7,15,25 

HOLYOKE  MUTUAL  INSURANCE  CO . 16 

IBM . 1.8,14,18,27.48,49,58 

IDC . 6,15,32 

INFOCYCLONE  INC . 8 

INFONETICS  RESEARCH  INC . 12 

INFORMATION  TECHNOLOGY 

INDUSTRY  COUNCIL . 12 

INOVANT  INC . 45,46 

INTEL  CORP . 1.6 

INTELLITACTICS  INC . 16 

INTERNATIONAL  COMPUTER 

NEGOTIATIONS  INC . 45.46 

INTERNATIONAL  ORACLE  USERS  GROUP  .  .  14 
INTERNATIONAL  ORGANIZATION 

FOR  STANDARDIZATION . 6 

INTERNET  SECURITY  SYSTEMS  INC . 34 

J&R  SCHUGEL  TRUCKING  INC . 42 

JP  MOBILE  INC . 48.49 

JUNKBUSTERS  CORP . 32 

JUPITER  MEDIA  METRIX  INC . 7 

KINGLAND  SYSTEMS  CORP . 34 

KRAFT  FOODS  INC . 25 

KURZWEIL  TECHNOLOGIES  INC . 36 

LEVERAGE  PARTNERS  INC . 52 

LIBERTY  ALLIANCE  PROJECT . 27 

LILIEN  SYSTEMS  INC .  . .  15 

LOEWS  CORP . 12 

LONDON  LIFE  INSURANCE  CO . 1 

LOTUS  SOFTWARE  GROUP . 18 

LUMETA  CORP  . 34 

MACRO  VISION  INC . 32 

MAIL  ABUSE  PREVENTION 

SYSTEM  LLC . 32.33 

MAYER.  BROWN,  ROWE  &  MAW . 7 

MCDONALD'S  CORP  45,46 

MERCATOR  SOFTWARE  INC . 1 

META  GROUP  INC . 1.16,18 

MICROSOFT  CORP . 1.6.7,8.14.27.42.58 

Mil . 27 

MITSUBISHI  MOTOR  SALES 

OF  AMERICA  INC .  46 

MOBILISA  INC  . 20 

MUSEUM  OF  MODERN  ART .  8 


NCR  CORP . 7,58 

NOKIA  INC . 7 

NORFOLK  SOUTHERN  CORP . 32 

NORTEL  NETWORKS  LTD . 12 

NOVELL  INC . 8 

NRX  GLOBAL  CORP . 14 

NUCLEUS  RESEARCH  INC . 48 

OKENA  INC . 16 

OPEN  TEXT  CORP . 48 

ORACLE  CORP . 8,14 

ORGANIZATION  FOR  THE  ADVANCEMENT 
OF  STRUCTURED  INFORMATION 

STANDARDS . 27 

OSHKOSH  B'GOSH  INC . 7 

OSTERMAN  RESEARCH  INC . 15 

PALM  INC . 6.48 

PENNSYLVANIA  STATE  UNIVERSITY . 18 

PERFECT  ORDER  INC . 15 

PLAIN  DEALER  PUBLISHING  CO . 7 

PREEMPTIVE  SOLUTIONS  INC . 8 

PROCTER  &  GAMBLE  CO . 6 

PROTIVITI  INC . 24 

PROVIDENCE  HEALTH  PLAN . 7 

PUBLIC  BROADCASTING  SERVICE . 7 

RCA  CORP . 58 

RED  HAT  INC . 7 

RHAPSODY  NETWORKS  INC . 14 

ROCKET  COMPUTERS  INC . 48 

SANS  INSTITUTE . 40 

SAP  AG . 14 

SEEBEYOND  TECHNOLOGY  CORP .  1 

SIEMENS  BUSINESS  SERVICES  LTD.  . . .  45.46 

SKIDMORE.  OWINGS  &  MERRILL  LLP . 7 

SOCIETY  FOR  INFORMATION 

MANAGEMENT . 24.25 

SOFTWARE  &  INFORMATION  INDUSTRY 

ASSOCIATION .  45 

SOUTHWEST  AIRLINES  CO . 18 

ST.  ONGE.  RUFF  &  ASSOCIATES . 16 

SUMMIT  STRATEGIES  INC . 27 

SUN  LIFE  FINANCIAL  SERVICES 

OF  CANADA  INC . 1 

SUN  MICROSYSTEMS  INC . 1.6.15.27 

SYMANTEC  CORP . 6 


SYMBOL  TECHNOLOGIES  INC . 20,48 

TARIAN  SOFTWARE  INC . 8 

THE  CONCOURS  GROUP . 45 

THE  SPAMHAUS  PROJECT . 33 

THE  YANKEE  GROUP . 6 

TIBCO  SOFTWARE  INC . 1 

TIVOLI  SOFTWARE . 8 

TOSHIBA  AMERICA  INFORMATION 

SYSTEMS  INC . 7 

TOYOTA  MOTOR  CORP . 25 

TRANSALTA  CORP . 14 

TRICON  GLOBAL  RESTAURANTS  INC . 52 

TRIPWIRE  INC . 40 

TUMBLEWEED  COMMUNICATIONS  CORP.  .  32 

TYCO  INTERNATIONAL  LTD . 24 

U.S.  ARMY  RESERVE . 48,49 

U.S.  DEPARTMENT  OF  DEFENSE . 36 

U.S.  DEPARTMENT  OF  JUSTICE . 58 

U.S.  FEDERAL  COMMUNICATIONS 

COMMISSION . 8 

U.S.  NAVY . 20 

U.S.  SECURITIES  AND  EXCHANGE 

COMMISSION . 8.24 

U.S.  STEEL  CORP . 1 

UNIVERSITY  OF  CALIFORNIA, 

LOS  ANGELES  . 25 

UNITED  AIR  LINES  INC . 27 

UNIVERSITY  OF  BALTIMORE . 7 

UPSHOT  CORP . 8 

VERISIGN  INC . 16.27 

VERIZON  COMMUNICATIONS . 8 

VIAWEST  INTERNET  SERVICES  INC . 34 

VISA  INTERNATIONAL  INC . 45 

VITRIA  TECHNOLOGY  INC . 1 

VIVATO  INC . 20 

VLAMIS  SOFTWARE  SOLUTIONS  INC . 14 

WEBMETHODS  INC . 1 

WHALE  COMMUNICATIONS  LTD . 12 

WISTRON  CORP .  6 

WORLDCOM  INC . 8,24 

XEROX  CORP . 32 

YAHOO  INC.  15 


ADVERTISER’S  INDEX 


American  Power  Conversion . 9 

www.  apcc .  com 
888-289-APCC 

Apple . 2-3 

www.apple.com 

BMC  Software . 20 

www.bmc.com 

Brio . 21 

www.brio.com 

Computer  Associates . 4,18 

www.ca.com 

Dell  . 50-51 

www.dell.com 

Gateway . 43 

www.gateway.com 

IBM  Linux . 26 

www.ibm.com 

IBM/Siebel . 16/17* 

www.ibm.com 

IBM  Server  Consolidation . 38-39 

www.ibm.com 

IBM  x-Serles  . 37 

www.ibm.com 

Imation . 41 

www.imation.com 

Intel . 13 

www.intel.com 

Microsoft  Agility  . 22-23 

www.microsoft.com 

Microsoft  Desktop . 10-11 

www.microsoft.com 

Microsoft  Visual  Studio . 30-31 

www.microsoft.com 

Motion  Computing  . 35 


www.motioncomputing.com 

Premier  100  IT  Leaders  Conference  .17 

www.computerworld.com/p100 

Storage  Networking  World  Online  .  44 


www.snwonline.com 

Sun  Microsystems  . 60 

www.sun.com 

SUNGard . 24/25* 

www.sungard.com 

Tibco  . 19 

www.tibco.com 

Veritas . 29 

www.veritas.com 


‘Regional  Select  Edition 


The  index*  »  provided  as  on  dddhioruil&ofvicv.  The  pub¬ 
lisher  do«o  i  va  assume  any  Uobdtty  for  wroroo*  omustona. 


www.computerworld.com 


NEWS 


COMPUTERWORLD  November  11,  2002 


Continued  from  page  1 

Citrix 

said,  AutoNation’s  Corporate 
Licensing  Program  agreement 
no  longer  exists  as  a  valid 
method  to  procure  software. 

Other  difficulties  involve 
Citrix’s  value-added-reseller 
model,  Leitz  said.  When  Auto¬ 
Nation’s  reseller  went  out  of 
business  two  years  ago,  some 
of  its  Citrix  purchase  history 
went  with  it,  he  noted. 

When  AutoNation  upgraded 
to  a  new  version  of  Citrix’s 
MetaFrame  XPe  product,  it 
had  to  go  through  a  three- 
month  process  of  faxing  3- 
year-old  purchase  orders  and 
agreements  to  Citrix  “to  re¬ 
view  what  we  believed  was 
purchased,  vs.  what  Citrix  had 
on  record,”  Leitz  said. 

“Not  a  pretty  process,  to  say 
the  least,”  he  added. 

Tony  Silva,  a  vice  president 
of  IT  in  the  Troy,  Mich.,  office 
of  ABN  Amro  North  America 
Inc.,  said  it  has  been  some¬ 
what  complicated  to  keep 
track  not  only  of  the  Citrix  li¬ 
censes  but  the  other  software 
applications  running  on  the 
Citrix  servers  as  well. 

Jim  McGrath,  a  senior  man¬ 
ager  of  product  and  technical 
marketing  at  Citrix,  said  the 
difficulties  can  be  particularly 
frustrating  for  longtime  cus- 


Citrix’s 

Licensing 

Changes 

MAY  1998  Subscription  Advan¬ 
tage  option  is  launched. 

MARCH  1999  Electronic 
licensing  option  is  added. 

FEBRUARY  2001  Licensing 
model  based  on  servers  and 
concurrent  users  is  aggregat¬ 
ed.  Licensing  is  now  based 
only  on  concurrent  user  con¬ 
nections. 

MAY  2002  One-year  Subscrip¬ 
tion  Advantage  plan  is  made 
mandatory. 


tomers  that  may  have  gone 
through  several  different  li¬ 
censing  programs  and  dis¬ 
count  structures. 

Citrix  has  started  to  address 
the  problems.  The  company 
launched  an  electronic  licens¬ 
ing  option  in  March  1999,  and 
this  August,  it  introduced  an 
Easy  Licensing  program  that 
lets  customers  buy  products 
as  they  need  them  without  a 
formal,  written  contract. 

Using  the  Easy  Licensing 
option,  customers  can  consoli¬ 
date  multiple  license  contracts 
to  a  single  serial  number,  so 
they  don’t  have  to  manually 
enter  their  many  20-digit 


Continued  from  page  1 

Web  Services 

formation  from  disparate  ap¬ 
plications  to  a  portal.  Al¬ 
though  the  portal  would  be 
used  for  a  wide  range  of  busi¬ 
ness  functions,  it  would  also 
help  with  integration,  he  said. 

Hugh  Jurkiewicz,  a  corpo¬ 
rate  architect  technologist  in 
the  Wellesley  Hills,  Mass.,  of¬ 
fice  of  Sun  Life  Financial  Ser¬ 
vices  of  Canada  Inc.,  said  he 
can  foresee  Web  services 
technology  complementing 
his  firm’s  integration  work  in 
situations  where  security  and 
transaction  needs  aren’t  high. 

Jurkiewicz  said  he  also 
hopes  that  Web  services  will 
drive  integration  broker  ven¬ 
dors  to  lower  the  high  price  of 
their  software. 

“For  more  mission-critical 
application  integration  needs, 
we  may  not  wish  to  experiment 
with  Web  services,”  he  said. 

As  has  been  the  case  for 
some  time,  IT  managers  con¬ 
tinued  to  express  concerns 
about  the  immaturity  of  Web 
services  standards,  particular¬ 
ly  in  the  area  of  security. 

“The  security  issues,  I  think, 
are  going  to  be  a  big  issue  with 
our  company.  The  standards 
aren’t  all  there  yet,”  said  Tim 
Lienemann,  a  senior  technical 
designer  at  Pittsburgh-based 


numbers,  McGrath  said. 

But  McGrath  said  it  would 
be  far  better  if  the  information 
from  Citrix’s  product  activa¬ 
tion  system  was  uploaded  to 
its  secure  license  site  so  cus¬ 
tomers  can  see  what  they  have 
purchased,  when  they  bought 
it  and  how  much  of  their  Sub¬ 
scription  Advantage  option  is 
left  on  each  of  their  licenses. 

Adding  Licenses 

As  of  May,  all  new  Citrix  li¬ 
censes  had  to  be  purchased 
with  a  one-year  subscription 
that  entitles  customers  to  any 
new  product  updates  released 
over  that  period. 


U.S.  Steel  Corp.,  whose  inter¬ 
nal  development  staff  does 
much  of  its  integration  work. 

Janelle  Hill,  an  analyst  at 
Meta  Group  Inc.  in  Stamford, 
Conn.,  said  only  a  small  per¬ 
centage  of  IT  shops  are  cur¬ 
rently  incorporating  Web  ser¬ 
vices  into  their  integration 
strategies  or  requirements  be¬ 
cause  of  confusion  over  what 
Web  services  are  and  where 
they  might  be  used  in  their  ap¬ 
plication  portfolios. 

A  ‘Thin  Veneer’ 

Hill  said  that  during  the  next 
five  years,  integration  vendors 
and  IT  shops  will  experiment 
by  wrapping  a  “thin  veneer” 
around  their  applications,  in 
the  form  of  Web  Services  Def¬ 
inition  Language  (WSDL)  in¬ 
terfaces. 

However,  Hill  predicted  that 
it  will  take  at  least  five  years 
for  companies  to  re-engineer 
their  core  applications  to  be 
service-oriented  and  gain  in¬ 
teroperability  “without  a 
whole  lot  of  transformation 
being  required  in  the  middle.” 

Roy  Schulte,  an  analyst  at 
Gartner,  said  very  few  applica¬ 
tions  will  run  entirely  free  of 
Web  services,  if  for  no  other 
reason  than  “because  every 
vendor  in  the  world  has  built 
it  into  their  products.” 

Schulte  recommended  that 
companies  building  new  ap- 


Templeton  said  customers 
may  be  adding  licenses  on  a 
monthly  basis,  and  each  time 
they  do,  they  get  another  li¬ 
cense  number  that  must  be 
added  into  the  system  for  acti¬ 
vation  purposes. 

“If  you  buy  licenses  every 
single  month,  all  these  clocks 
are  ticking,  and  their  alarms  are 
going  off  every  12  months  all 
over  over  the  place,”  Temple¬ 
ton  said.  “It’s  too  complicated.” 

Bob  Kruger,  chief  technolo¬ 
gy  officer  at  Citrix,  said  the 
technology  will  be  the  easy 
part  of  solving  the  problem. 
“The  tough  part  is  scoping  out 
what  you  need  to  do  and  then 


AT  A  GLANCE 

EAI  Tools 

Technologies  used  today  for  most 
enterprise  application  integration 
work  include  the  following: 

Commercial  integration 
brokers 

Programming  tools 

File-transfer  utilities 

Database  management  sys¬ 
tem  gateways 

Electronic  data  interchange 
tools 

Screen  scrapers 

Message-oriented 

middleware 

Extract-transform  tools 


plications  from  scratch  em¬ 
ploy  a  service-oriented  archi¬ 
tecture  and  use  WSDL  to  doc¬ 
ument  the  interfaces.  That 
will  make  it  easier  to  integrate 
those  applications  with  exist¬ 
ing  legacy  and  purchased  ap¬ 
plications,  because  it  will  have 
“nice,  defined  calls,”  he  said. 

Companies  can  then  wrap 
their  older  applications  with 
WSDL  interfaces  and  write 
the  code  needed  to  transform 
the  data.  Or  they  can  purchase 
an  integration  broker  from 
specialized  vendors  such  as 
Tibco  Software  Inc.,  web- 


how  you  get  other  processes 
within  the  company  to  interact 
with  those  changes,”  he  said. 

Kruger  said  he  can’t  provide 
details  because  the  system 
hasn’t  been  finished,  but  he 
noted  that  some  technology 
will  be  third-party-based  and 
integrated  by  Citrix. 

In  the  meantime,  Citrix  is 
adding  license-activation  im¬ 
provements  to  a  new  Meta- 
Frame  update,  due  next  year. 

Alvin  Park,  an  analyst  at 
Gartner  Inc.,  said  many  ven¬ 
dors  are  considering  new  tools 
to  not  only  help  customers 
track  their  licenses  but  also  to 
keep  them  in  compliance.  > 


Methods  Inc.,  SeeBeyond 
Technology  Corp.,  Mercator 
Software  Inc.  and  Vitria  Tech¬ 
nology  Inc.,  or  from  large  ven¬ 
dors  such  as  IBM  and  Micro¬ 
soft  Corp. 

Schulte  said  that  only  a 
small  percentage  of  IT  shops 
now  use  integration  brokers, 
but  he  predicted  that  more 
will  use  them  as  Web  services 
help  drive  down  the  high  cost 
of  the  adapters  that  are  need¬ 
ed  to  make  connections  be¬ 
tween  different  applications. 

“If  you  put  in  Web  services 
and  you  cut  the  cost  of  the 
adapters  in  half,  then  you’ve 
cut  the  entire  project  cost  by  a 
quarter,  and  suddenly  projects 
that  you  couldn’t  cost-justify 
before,  you  can  now  cost-justi¬ 
fy,”  he  said. 

But  it  may  take  some  time 
for  the  impact  to  trickle  down 
to  IT  shops.  One  IT  manager 
at  a  large  retail  chain,  who  re¬ 
quested  anonymity,  said  he  is¬ 
n’t  interested  in  the  Web  ser¬ 
vices  strategies  of  integration 
brokers  “because  it’s  still  in 
the  big-hype  cycle.” 

“With  Web  services,  it’s  go¬ 
ing  to  be  a  long  buy-in  phase,” 
he  said.  ► 


MORE  ON  WEB  SERVICES 

For  full  coverage  of  Web  services,  visit  our 
App  Development  Knowledge  Center: 

QuickLink  kllOO 
www.computerworld.com 


PB„od,c«l  postage  paid  at  F, am, ogham  Mass  .  and  other  mailing  offices  Posted  unde.  Canadian  International  Publication  agreement  .40063800  CANADIAN  POSTMASTER  Please  return  undeliverable  copy  to  PO  Boa  1632^  Windsor.  Ontano  N9A  7C9  ComputeoeorW  (ISSN  00X3  4841)  *  pub.. v  • 

a  single  comb, ned®ssue  for  the  last  two  weeks  In  December  by  Computerworld.  Inc..  500  Old  Connecticut  Path.  Box  9171.  Framingham.  Mass  01701-9171  Copyright  2002  by  Compute™,, Id  Inc  All  rights  reserved.  Compute™,, Id  can  be  purchased  on  microti  m  and  microfiche  through  U, 
l^lty  Micmhlms  in?  300  N  Zeeb  Road.  Ann  Art*,.  Mich  48106.  Computerworld  Is  indexed.  Back  issues.  II  ava, table,  ma,  be  purchased  from  the  circulation  department  Photocopy  rights:  permission  tophotocopylor  internal  or  personal  use -granted by  Compute™,*)  Inc  for  libraries  and  other  u  .■ 
.  h  (  hr  Clearance  Center  (CCC)  provided  that  the  base  fee  of  S3  per  copy  of  the  article,  plus  50  cents  per  page,  is  paid  directly  to  Copyright  Clearance  Center.  27  Congress  St  Salem.  Mass  01970  Repimts  (minimum  100  copies)  and 

^rRay  ?^o"mpu.erwor,d  Reprints,  c/o  Re Z  Management, ces.  Greenfield  Corporate  Center.  181,  Olde  Homestead  Lane,  Lancaster  Pa  17801  (717,  399  1900  Ex,  124  Fax  (71^399-8900  Web 
site  www  rmsrepfinls.com.  E  mall:  rtry®rmsrepr,nts  com  Requests  lor  missing  issues  will  be  honored  only  ,f  received  withm  60  days  of  issue  date.  Subscription  rates:  $5  per  copy:  U.S.  -  S190  per  year.  Canada  -  $220  per  ^Central  *  So.  America.  $250 
per  year:  EuioiT  $295  per  year,  all  other  countries  -  $295  per  year  Subscriptions  call  toll-free  (800)  552-4431.  POSTMASTER:  Send  Form  3579  (Change  of  Address)  to  Computerworld.  PO  Box  512.  Mount  Morns.  III.  61054-0612. 


BPA  ABM  ^ 


3 8  COMPUTERWORID  November  11,  2002 


THE  BACK  PAGE 


FRANK  HAYES  ■  FRANKLY  SPEAKING 

The  New  IBM 

WHAT,  YOU  WERE  EXPECTING  that  maybe  Micro¬ 
soft  would  be  drawn  and  quartered?  That  wasn’t 
going  to  happen.  U.S.  District  Judge  Colleen  Kol- 
lar-Kotelly  closed  a  few  loopholes,  but  the  settle¬ 
ment  she  OK’d  on  Nov.  1  was  pretty  much  what 
Microsoft,  the  Department  of  Justice  and  nine  states  had  agreed  on. 
Judges  like  settlements.  So  do  appeals  courts.  Unless  something 
smells  especially  awful,  settlements  get  OK’d  so  cases  can  be  closed. 


So,  has  Microsoft  scored  a  big  win,  as  its  foes 
are  screaming?  Not  really.  Microsoft  has  just 
been  confirmed  as  the  new  IBM  —  complete 
with  an  antitrust  noose  around  its  neck. 

Let’s  take  a  lesson  from  history.  Sure,  some 
anti-Microsoft  folks  really  did  believe,  at  this 
late  date,  that  Microsoft  might  still  be  broken 
up.  But  that  was  wishful  thinking.  A  stripped- 
down  Windows  was  a  possibility,  but  unlikely. 
Like  I  said,  appeals  courts  like  settlements.  Just 
ask  Stanley  Sporkin. 

Remember  Judge  Sporkin?  He  threw  out  the 
original  Microsoft/Justice  Department  antitrust 
settlement  in  1995  because  he  thought  it  wasn’t 
tough  enough.  An  appeals  court  reinstated  it, 
and  everyone  complained  that  the  agreement 
was  toothless  and  Microsoft  was  getting  off 
scot-free.  A  judge  named  Thomas  Penfield 
Jackson  finally  signed  off  on  the  deal. 

Two  years  later,  that  “toothless”  agreement 
landed  Microsoft  back  in  Judge  Jackson’s  court. 
The  year  after  that,  Microsoft  was  hit  with  the 
full-fledged  antitrust  suit  that  now  has  it  under 
court  supervision  for  the  next  five  to  seven 
years  as  a  convicted  monopolist. 

That’s  how  antitrust  cases  work.  There’s  no 
big  bang,  no  high-profile  execution  —  just  a 
long,  slow  tightening  of  the  noose. 

You  say  that  doesn’t  help  the 
companies  that  get  crushed  by  the 
monopolist?  No,  it  doesn’t.  But 
that’s  nothing  new.  Remember, 
monopolist  IBM  rolled  over  General 
Electric,  RCA,  Honeywell,  Control 
Data,  Burroughs,  Sperry,  NCR,  Am¬ 
dahl  and  many  smaller  mainframe 
vendors  on  the  way  to  becoming  the 
original  800-pound  gorilla  in  IT. 

The  Justice  Department  started 
tightening  the  antitrust  noose  on 
IBM  way  back  in  1932.  But  what 
finally  knocked  Big  Blue  out  of  the 
top  spot  —  and  actually  had  IBM  on 


the  ropes  by  1992  —  was  a  new  technology 
called  desktop  computing,  where  IBM’s  main¬ 
frame  monopoly  power  was  irrelevant.  Hob¬ 
bled  by  antitrust  consent  agreements  and  on¬ 
going  lawsuits,  IBM  was  outflanked  by  com¬ 
petitors  that  cloned  its  PC  hardware  and  the 
company  that  owned  the  operating  system  — 
a  nimble  little  upstart  from  Redmond,  Wash., 
named  Microsoft. 

Now  Microsoft,  the  new  IBM,  has  its  own 
antitrust  noose.  Sure,  it’ll  get  tighter.  In  50  or 
60  years,  it  may  slow  down  Microsoft  enough 
for  a  competitor  to  put  it  on  the  ropes,  too. 

So  if  you’re  counting  on  antitrust  enforce¬ 
ment  to  get  rid  of  your  current  800-pound 
gorilla,  you’d  better  be  very  patient. 

Or  you  could  learn  from  history. 

Nobody  knocked  out  IBM  by  building  a  bet¬ 
ter  mainframe.  Microsoft  and  rival  PC  makers 
did  it  by  making  IBM’s  monopoly  irrelevant. 
They  changed  the  rules,  the  technology  and  the 
business  model. 

You  want  to  beat  Microsoft’s  monopoly? 
You’ll  have  to  make  it  irrelevant.  If  you’re  a  ven¬ 
dor,  maybe  that  means  trying  new  price  points 
that  Microsoft  is  afraid  to  touch.  Or  new  tech¬ 
nologies  that  will  make  Windows  irrelevant.  Or 
a  new  business  model,  like  open  source. 

If  you’re  an  IT  shop,  it  probably 
means  looking  hard  at  alternatives 
you’ve  never  considered  before  — 
thinking  outside  the  conventional 
IT  box,  maybe  way  outside  it,  to 
find  new  ways  of  making  users 
more  productive  and  effective. 

Whether  you’re  a  vendor  or  user, 
that’s  the  only  way  to  get  that  800- 
pound  gorilla  off  your  back. 

Because  the  antitrust  noose 
around  its  neck  may  slow  it  down 
a  little.  But  if  you  want  to  draw  and 
quarter  Microsoft,  you’ll  have  to  do 
it  yourself.  I 


frank  hayes,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  tor  more 
than  20  years.  Contact  him  at 

frank.hayes^computerworld.com 


www.computerworld.com 


Do  You  Really  Want  an  Answer? 

This  e-business  project  connects  customers  and  sup¬ 
pliers  to  a  utility  company’s  mainframes,  and  the  man¬ 
aging  pilot  fish  takes  no  chances  -  there  are  weeks  of 
user  training  and  nine  months  of  testing  before  it  goes 
live.  Result:  On  Day  1,  there’s  exactllpne  user  who  re¬ 
ports  a  showstopping  problem.  “I’ve  logged  into  the 
system,”  user  says.  “Now  what  do  I  do?” 


SHARK 

TANK* 


Count  On  It 

Company  wants 
to  give  discount 
cards  to  its  cus¬ 
tomers.  And  ex¬ 
ecutives  want  to  be  able 
to  support  100  million 
customers  -  but  with 
just  a  six-digit  ID  num¬ 
ber  for  each  customer. 
That’s  mathematically 
impossible,  IT  consultant 
pilot  fish  points  out,  even 
if  you  used  every  num¬ 
ber  from  000000  up  to 
999999.  Next  question: 
“What  if  we  don’t  assign 
them  sequentially?” 

That  Often? 

IT  pilot  fish  sets  up 
e-mail  for  each  salesper¬ 
son  at  this  auto  dealer¬ 
ship.  “The  idea  was  that 
prospective  car  buyers 
could  e-mail  them  via  a 
form  on  the  dealership 
Web  site  and,  hopefully, 
end  up  buying  a  car,” 
says  fish.  “A  week  later, 
one  salesman  stopped 
me  in  the  showroom  to 
say  how  wonderful  his 
e-mail  was  and  to  tell 
me  he  intended  to  check 
it  every  week.” 

Yeah,  Really 

Upset  engineer  needs 
some  files  restored  that 
he  accidentally  dragged 
to  the  Windows  recycle 
bin,  he  tells  help  desk 
pilot  fish.  Didn’t  you  see 
the  “Confirm  File 
Delete”  message?  fish 
asks.  Nope,  says  engi¬ 
neer  -  he  turned  that  off. 


"It’s  poor  engi¬ 
neering  ”  he 
says,  “  when  it 
should  be  per¬ 
fectly  clear 

that  since  I’ve  dragged 
them  to  the  recycle  bin,  I 
do  want  to  delete  them.” 

Heck,  Why  Not? 

What  this  company 
needs  is  a  network  man¬ 
agement  system,  bosses 
decide.  Some  $80,000 
and  months  of  late 
nights  and  weekends 
later,  if  sjMjy  in  place. 
“Only  missed  the  pro¬ 
duction  target  date  by 
six  days,”  says  a  pilot 
fish  on  the  project.  That 
very  week,  operations 
manager  who  approved 
the  new  system  sticks 
his  head  into  fish’s  office 
with  a  question:  “This 
network  management 
system  -  is  this  some¬ 
thing  we  could  target  for 
outsourcing?” 

Much  Better 

User  hates  her  keyboard: 
“The  keys  ||§k,  the  re¬ 
sponse  isn’t  good,”  she 
tells  IT  pilot  fish.  So  fish 
replaces  it.  Now  the 
keys  are  too  high  and  it 
doesn’t  feel  right,  she 
says.  “In  the  end,  I 
cleaned  up  her  old  key¬ 
board  and  gave  it  back 
to  her,”  says  fish.  “She 
came  back  and  said  this 
keyboard  was  wonderful 
-  much  better  than 
either  of  the  keyboards 
she  had  previously.” 


OFEED  THE  SHARK!  Send  your  true  tale  of  IT  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 


What  you  want. 

To  remain  at  the  forefront  of  industry,  today’s 
IT  leaders  need  easy  access  to  strategic 
information,  news  analysis  and  advice. 
Computerworld  delivers  with  coverage  that 
emphasizes  and  advocates  for  the  user 
perspective,  providing  balanced,  objective 
reporting  on  a  wide  range  of  technologies, 
business  trends,  career  topics  and  management 
issues.  Computerworld  gives  you  the  tools  you 
need  to  succeed-to  evaluate  and  implement 
technology  solutions  that  put  you  one  step  ahead 
of  your  competition. 


How  you  want  it. 

With  a  cutting-edge  suite  of  offerings  across 
print,  online  and  events,  we  ensure  that  you  have 
access  to  the  information  you  need  in  a  way  that 
is  most  useful  to  you-from  weekly  analysis  and 
perspective  in  print  to  daily  e-mail  newsletters  to 
high-value  peer-to-peer  conferences. 

When  you  want  it. 

24  hours  a  day,  7  days  a  week,  every  week, 
there’s  no  better  way  to  stay  in  tune,  in  touch,  and 
on  top  of  today’s  ever-changing  world  of  IT  than 
with  Computerworld. 

Visit  computerworld.com  to  subscribe  or  to 
access  our  vast  array  of  IT  resources. 


COMPUTERWORLD 

The  Newspaper  for  IT  Leaders 


Daily  or  weekly  breaking  news 
updates,  commentary  and 

practical  tips. 

; 

•  V  •  * . . < 

Knowledge  Centers 

Robust  research  centers  with 
in-depth  coverage  focused  on 
18  key  IT  issues  including 
security,  storage,  ROI  and 
more. 

•  ■  ■ 

Buyer’s  Guide 

Comprehensive  product  and 


Computerworld  Store 

Reports.,  white  papers  and 


WHY  NOT  GET 
STATE-OF-THE-ART 
TECHNOLOGY  AT 
STATE-OF-THE- 
ECONOMY  PRICES? 


Admit  it.  Everything  you  do  is  mission-critical.  So  instead 
of  sacrificing  security  and  availability  for  an  entry-level 
server,  why  not  get  a  mission-critical  server  starting  at  $995? 
See  the  entire  line  at  SUN.COM/WHYNOT 


+Sun 

microsystems 


©2002  Sun  Microsystems,  Inc.  All  rights  reserved.  Sun,  Sun  Microsystems  and  the  Sun  logo  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries. 


